Every day the number of devices connected to each other and to the Internet increases.
For example, it is common in homes to see cell phones connected to the Router, which in turn communicate with the television and other electronic devices.
Electric locks, electronic surveillance systems, etc. have also become common.
According to a Gartner report, more than 20 billion devices are expected to be connected by 2020.
With so many “things” connected, the security challenges become immense. How can these devices be protected? Is there a way to prevent them from being used as avenues for attacks and causing harm to businesses and individuals?
Industry 4.0 also suffers impacts from safety failures. Today, most of the equipment present in the industry is connected to the Internet, allowing a number of advantages for the management and control of these devices.
So, how can we prevent a security failure from putting the operation of these equipments at risk?
In this article, we will present guidelines on good practices for safety in the IoT, so that technology professionals minimize the risks related to the use of this technology in companies of all kinds. Continue reading!
Why are IoT devices more vulnerable?
This is one of the big questions of the professionals who use this kind of technology in their structures.
The reason why IoT products are notably more vulnerable is related to the architecture used in their development; in fact, most of the time they are devices with very strict physical resources (processing, memory, etc), which prevent the implementation of security mechanisms in their structures.
Therefore, when using products with these characteristics, it is highly recommended to place security devices to minimize the success and impact of attacks that aim to exploit the vulnerabilities present in these devices.
Practical advice to ensure the safety of IoT devices
Due to the security limitations that exist in these devices, it is possible to suggest some tips or advices that will be fundamental to protect the corporate networks that many times are also used for the information traffic of these devices.
Purchase certified devices
One of the most neglected points when purchasing IoT devices is the purchase of devices according to their price. It is really important that professionals evaluate the minimum levels of attachment of these devices with the RFCs, or with some other type of existing standard in the market.
It is also important to evaluate the brands that have nohall in the development of this type of technology to minimize the risks associated with the use of devices with low quality, and therefore more susceptible to be vulnerable.
Map all IoT devices
It is essential that all the IoT devices used in the company’s day-to-day operations are mapped and properly controlled by specialized tools.
Knowing all the devices is the best way to guarantee the safety of the corporate network. Therefore, it is important that technology professionals put their efforts into preventing IoT devices from being included in the company without prior approval.
Isolate these devices physically
This is a good safety practice that must also be applied to networks that traffic data from IoT devices. It is recommended that specific networks be established to connect the IoT devices so they are physically isolated from the company’s administrative network.
This type of actions prevents the malicious user from gaining access to the servers and other equipment connected to the corporate network in case there is a compromised IoT device.
There are specific network projects to specifically connect IoT devices, however, most of them still use the same network and Internet used in organizations.
Establish specific safety policies for IoT devices
It is important to know the purpose of each IoT device and to implement specific control policies in each case. It can be explained with an example, using as a scenario a hospital that has an MRI device, which is remotely maintained by professionals in Germany.
This equipment has an internet connection in order to send reports to the manufacturer, as well as actions to give maintenance to the equipment.
This is a fairly common scenario in the daily life of hospitals, however, it is necessary to be careful, for example, to ensure secure remote access to the manufacturer of the equipment, using a VPN as a resource.
Another possibility is to restrict to minimum levels, the communication of the equipment to the Internet; as well as other alternatives to minimize the chances of a computer being compromised in the middle of virtual attack attempts.
Always keep your IoT device updated
Attacks usually occur due to the exploitation of flaws in the software layer of the IoT devices.
When that happens, developers usually provide fixes to prevent their products from being compromised.
Therefore, never fail to apply the manufacturer’s suggested updates. Updates prevent known vulnerabilities from being exploited and fixed.
