Managing IoT Security and Privacy Challenges

Organizations and individuals now rely on the Internet of Things to power their everyday lives. By 2020, more than 20 billion IoT devices will be in use.

You may be using these devices every day, but do you know how it impacts your security and privacy? It’s important for any IoT consumer to be aware of how their data is being used and how to protect their privacy.

In this blog, we share a few of the best ways to manage IoT security and privacy challenges. 

Determine Which Devices Are Necessary & If the Manufacturer is Reputable

Your first and most important question to ask before buying a new IoT device should be “do I REALLY need it?” Understand how this device will improve your daily life and if it is worth the risk of exposing your data, in the event of a major data breach.

IoT devices offer a plethora of benefits. You can monitor your physical environment, personal health, location, and your likes, dislikes, and behaviors. But, consider how you might be sacrificing privacy and security at the benefits of convenience.

Krebs on Security reported that certain IoT security cameras are connected to Peer-to-Peer (P2P) networks run by Chinese manufacturers. Having a device that is secretly sending your data to a P2P network is not something you want to deal with. Make sure you’re purchasing your IoT devices from reputable brands. Cheaper doesn’t always translate to long-term value or data privacy!

Review Privacy Policies and Settings on Connected Devices

Before you even purchase an IoT device, you should be aware of the privacy policy for the device and the company. You need to understand how your data is collected, analyzed, and stored. Privacy policies should provide an explanation across the entire data lifecycle. If they don’t, then you should seriously consider another company for your connected needs.

You should also be aware of privacy options and settings for these devices. You may be able to change who gets to see your data and what data is shared with third parties. Make sure your device also supports two-factor authentication to ensure your data is protected from the hands of cybercriminals.

Remember, you should be in control of your data no matter what!

Change the Default Credentials

Everyone knows how important password management is and it carries over to your IoT devices as well. Make sure you change the default username and password on your IoT devices. Don’t leave them as admin and password because hackers use this immediately to attempt to access your connected devices.

As mentioned previously, make sure to review the device settings and defaults to see if you can add additional layers of security within the settings. Also, when setting up your device for the first time, make sure you’re using Wi-Fi Protected Access (WPA2) and keep in mind that WPA3 will be coming out later in 2018 for many wireless devices.

Setup Automatic Updates and Stay Aware of Updates

More than 60 new vulnerabilities are found per day with that number rising with the number of connected devices manufactured! IoT manufacturers will be releasing hundreds if not thousands of updates or patches to cover these open vulnerabilities in their systems.

Keep an eye on any firmware and software updates that are announced or released. You can setup Google Alerts to immediately know of these releases, or you can make sure you’re subscribed to the following security advisories of the top technology manufacturers:

• Intel – Security Advisory
• Android – Security Bulletin
• Apple – Update OS to 10.13.2 (and 10.13.3 when it becomes available)
• ARM – Security Update
• AMD – Security Information
• AV Vendors
  • Emsisoft
  • ESET
  • Sophos
  • Trend Micro
  • Webroot
• Microsoft – Security Guidance
• Amazon – Security Bulletin
• Google – Project Zero Blog
• Linux – LKML
• Mozilla – Security Blog
• Nvidia – Security Forum
• Red Hat –Vulnerability Response
• Debian – Security Tracker
• Ubuntu – Knowledge Base
• SUSE – Vulnerability Response
• LLVM – Spectre (Variant #2) Patch
• CERT – Security Vulnerabilities
• MITRE- CVE-2017-5715 | CVE-2017-5753 | CVE-2017-5754
• VMWare – Security Advisory
• Citrix – Security Bulletin
• Xen – Security Advisory

Place a Firewall in Front of Devices

For organizations, this may be a little easier or more common. But, if you can consider using a firewall in front of your IoT devices, you will be protecting your data and content more thoroughly. Your business most likely uses a firewall appliance as a buffer in between your IT hardware, networking, and data. It’s a helpful tool to use when protecting your organization or your home from attacks.

IoT devices in the home can also be placed behind a firewall appliance or firewall software supplied with your router to filter incoming traffic. You should be able to change the settings within the firewall to only allow restricted incoming traffic on specific ports.

If you’re looking for a list of some of the best smart-device firewalls, check out this helpful resources from The Daily Dot titled ‘These smart firewalls will keep hackers out of your home.’

What other measures are you taking to secure your smart home and personal IoT devices? Tell us below in the comments!

Did you enjoy this blog article? Comment below with your feedback.