Without proper security controls, compromising an IoT device is easy work for hackers, giving them access to potentially more than just the device. Let's make it harder for them in 2019!
We live in a world where people want to be more connected to the things they care about, have more control, and do so anytime, anywhere. It’s the reason why IoT devices like Nest cameras have become popular among consumers and small businesses.
But recent stories around the hacking of such devices highlights the need to ensure they are secure:
In one case, a family’s Nest camera used to monitor their baby was hacked, with the hacker scaring the family by stating he was in the room and was planning to kidnap their baby.
In another, a white hat hacker compromised a Nest camera and spoke to the camera’s owner warning him about how insecure the device was.
While the two examples are relatively benign, we have seen at least one story in the news of a casino data being breach occurring through a temperature control device for a fishtank. And with many smaller IT departments relying on easy-to-implement and manage security cameras, these Internet-accessible devices are the perfect entry point for external attackers looking for a way in.
When connecting these devices – both at home and in the workplace – consider the following guidance:
- Limit External Access – In all cases mentioned above, the devices were accessible from the Internet. Requiring a VPN connection to access the network and then the device is one way of keeping prying eyes from getting to your devices.
- Use two-factor authentication – Many IoT devices support two-factor authentication. Using 2FA eliminates a hacker’s ability to easily access your devices. In the cases of the Nest cameras above, it would have stopped the hackers from gaining control over the devices.
- Use Unique Passwords – In one of the scenarios above, the user’s information on the web had been compromised, including the password he reused on multiple sites and his camera. Use different passwords for each site, device, application, etc. There are plenty of web-based and local password vault applications to help you keep track.
The reuse of passwords is not uncommon – according to LastPass’ 2018 State of the Password report, half of all employees reuse passwords across both home and work accounts. This puts the organization at risk. Users need to be educated using Security Awareness Training on proper password etiquette, password reuse, how to create secure passwords, and more.
We’re only going to see more IoT devices in the workplace and at home. Now is a good time to be thinking about properly securing these devices – regardless of where they are used - to ultimately ensure the security of the organization’s network and data.