How to protect small business IoT
Chances are your small business already uses Internet of Things technology for day-to-day tasks. Smartphones, for instance, have become a standard tool for any businessperson to stay on top of emails, projects, finances, and processes.
And now, IoT and cloud networks provide seamless interaction between managers and employees with smartphones, computers, and IoT hardware to streamline workflow company wide.
Just as you set the alarm before locking up at night, you need to have plans set in place for cyber and IoT security for your small business. Think of protection in three tiers: personal, intrapersonal, and network. Personal protection provides protection for your IoT connected devices, such as smartphones and laptops. Intrapersonal protection helps keep any shared information on the cloud private. Network protection strengthens your IoT network to prevent tampering with network and hardware settings, says Alexander Oriani.
Here are some tips on how to set up your IoT infrastructure to ensure the only people who have access to your business’s valuable information are those you allow to access it.
Passwords: The key to cyber security
Passwords protect your IoT network and need to be strong enough to deny hackers and unauthorised parties entry. In 2014, Russian hackers gained access to over a billion passwords by using bots, automated processes that crawl website code, trying different passwords until they gain entrance. Hackers use bots to crack as many emails, passwords, and credit card numbers as possible, and a strong password is their greatest blocker.
Password that feature capital and lowercase letters, numbers, and symbols are exponentially harder for bots to crack, so small business owners should make setting complex passwords a best practice for themselves and employees
The final way to ensure passwords keep your network secure is to by using a unique password for every access point. According to Entrepreneur.com, 73% of online accounts use duplicated passwords. Imagine you or one of your employees has a password stolen from a website. If any of their other accounts within your business shares that stolen password, your system is now far easier to exploit.
Layer your security efforts
Unfortunately, even strong passwords can be cracked. You need to be certain that even if an unauthorised person has your password, they still won’t be able to access any of your business’s valuable information.
Set up a firewall: A firewall is an extra layer of protection that can restrict access based on certain criteria, such as an IP address or location. You can setup your firewall to allow specific devices access while restricting others so that only authorised users can access your network, regardless of the password used.
Encrypt your data: Encryption is another tool you should add to all of your cyber security efforts. Encryption, like a secret code, uses mathematical formulas to turn your text and data into an illegible block of text. Whoever has the same formula can reverse the illegible text to its original, legible form. Let’s say an unauthorised party has access to your Google Drive and is looking for your tax or financial information. If your files are encrypted, they are useless to the intruder without the key to decrypt it.
Encryption also protects your passwords and credit card information from being stolen. Whenever you enter a password or financial transaction online, that information is sent from your computer to a server, and hackers can intercept that data while it’s in transit.
Secure Socket Layers (SSLs) encrypt sensitive data such as passwords, usernames, and credit card details so the information is useless to anyone who intercepts it before it reaches its intended destination and is decrypted. Install SSLs on any login pages you use for your small business including your website and anywhere you collect private personal and banking information from customers.
Smart and secure employees
Even a well-protected small business IoT network can’t account for human error. An employee may leave a laptop open in a public place, or they may not have the newest security updates for their smartphone apps leaving them open to malware. Create a network security policy for the use of smartphones and other connected devices for your employees to prevent risky scenarios. Your employees should have strong passwords on their devices and keep them locked when not in use.
Be certain that your network security policy also includes the use of virus protection software for both PC and mobile devices. Software manufacturers check for vulnerabilities in their code and patch them periodically, so apps and software should be updated to their newest versions regularly to prevent the use of known exploits.
Stay away from unverified, third-party apps. According to Forbes.com, 97% of mobile viruses are on the Android platform. Android phones are not inherently virus prone, but their ability to download unverified apps can lead to infection if the user in not careful. Most instances of Android malware were due to downloading apps from third-party vendors, so any apps your business uses should be from reputable sources, such as the Google Play store or Apple’s app store.
If your small business is ready to for a secure IoT solution, Neo has what you need, including VPN / Private Link for complete encryption of the communication between your devices and your corporate network.
The author of this blog is Alexander Oriani
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow