The Internet of Things is about connecting multiple devices over the internet and allowing them to talk to us, to applications, and to each other. To put it simply, Internet of Things devices are intended to make our lives easier. But, not everyone is paying attention to the security risks of all these devices – and they should be.
Symantec’s Internet Security Threat Report Vol 20, released last year, found that the Internet of Things’ security risks had increased exponentially. Symantec found that in 2014, 52% of health apps – many of which connect to wearable devices – didn’t have privacy policies in place. And, 20 percent of these apps sent personal information, logins and passwords in clear, readable text.
Internet of Things (IoT) devices often don't have strict security measures in place. “You can't lock a door and leave a window open, and you can't lock the window but leave the garage open,” says Brian Witten, senior director of Internet of Things at Symantec.
“Sometimes attackers come in over the bridge from traditional IT systems into ‘operational’ technology (OT) or IoT systems like the blast furnace or factory floor operations, or the networks supporting ATM or POS operations. Sometimes they dial up cellular modems on these IoT devices, and other times they attack them directly over the Internet.”
It’s time to face the facts – the convenience of IoT comes with a whole lot of security risks. According to MIT Information Systems and Technology, one of the biggest issues of these devices is that manufacturers are motivated by profit rather than security.
For example, some have default passwords that are posted online and cannot be easily changed. Unlike a phone or computer, the software in IoT devices can quickly become outdated without a way to update it.
The simplest way to protect your Internet of Things devices from security risks is to disconnect them from the internet when they’re not in use. Update them often or, better yet, set them to update automatically. If your device allows you to configure privacy options, try to limit the amount of information it shares. In addition, ensure that your passwords are unique and strong or choose to use devices or applications that require the use of one-time passwords.
That’s where two-factor authentication comes in. Simply put, 2FA uses something the customer knows, like a password, and something they have, like a smartphone receiving a one-time password. Most importantly, two-factor authentication can keep your IoT devices safer from attacks and protected from hacking attempts. Read more about how two-factor authentication protects against the biggest online security risks.