The rise of the Internet of Things (IoT) means that many business networks are larger than ever before – maybe even bigger than you realize.
The number of devices that may now be a part of your network – via your infrastructure, employees, and customers – has exponentially increased the attack surface for would-be hackers. And that IoT number is only expected to grow. Today, we share tips for ensuring you can maintain data security and privacy in the age of IoT.
Inventory and monitor
One of the first things to do is to make sure you have a handle on what devices are actually on your network. Especially now that BYOD (bring your own device) is a wide practice in companies, employees are connecting any number of potentially unsecured devices.
Consider investing in a network access control (NAC) platform to help you maintain a clear view of what’s on your network, and put proper monitoring in place.
Protect customer and employee data
IoT can mean a wealth of valuable data for your business. Many companies’ product development and marketing teams are benefiting from being able to collect and analyze customer behaviors through IoT devices in a way that was never possible before.
Auto insurance companies are tracking customers’ driving habits. Retailers use location data to push promotions to shoppers at the right time and place. Internally, many organizations now issue fitness tracking devices to employees as part of their healthcare and wellness programs to incentivize exercise and monitor or control healthcare costs.
While all of this data collection means businesses can be more innovative and better-managed, it also means you may have very sensitive private data housed on our network.
Conduct a thorough assessment of the level of risk you’re taking on with this data, and have proper protection in place.
Be transparent
Another issue when it comes to collecting customer or employee data is transparency. How will that data be used, and are you being clear about your use and collection policies? As Facebook recently learned, not knowing to whom that data will be shown and how it will be used can create trouble, fast. Develop clear use policies and communicate them regularly to your customers and employees.
Scan, patch, and test
An unfortunate reality of IoT is that many vendors creating these devices have been lax about making their own products secure. This means the onus is even more on users to do what is within your power through patching, vulnerability scans, and penetration tests.
When vendors do release patches for known vulnerabilities to your devices, don’t put off implementing them.
Hopefully, regular vulnerability scanning and annual penetration testing are already part of your network security program. Take a look at your software and talk to your vendors to verify that the IoT part of your network is included in these security measures.
Ensure proper segmentation
Consider segmenting IoT devices so you can inspect and control the movement of data between them and other segments of your network, and keep potential security breaches isolated if they do occur.
Communicate policies to everyone
True network security isn’t just the job of your IT team. It’s on everyone at every level of your organization to understand and implement security policies and procedures. Whether it’s the CEO who has special permission to use a particular device, or a whole department that’s depending on IoT to make their jobs easier – make sure they all know and understand best practices to keep the whole company secure.
The rise of the IoT represents big opportunities for many organizations, their employees, and customers.
But with those opportunities come expanded risks. Include your IoT devices in your data security and privacy practices so you can be confident that the network is adequately protected as it continues to grow.