From automated access control and security devices to smart lighting systems, IoT-enabled devices are changing the way we look at security solutions for homes, offices, schools, and other buildings. But with the convenience that the internet of things can bring, there are also security concerns that organizations need to address before implementation. Improving access control and security for IoT-enabled security devices allows organizations to protect their sensitive data and prevent cyber attacks.
When it comes to security for your IoT devices, complicated isn’t always better. Here are 5 practical ways that you can improve device security for your IoT security devices:
1. Create passwords with minimum security standards.
One important way to protect your devices and private data is to create passwords using minimum security standards. While password security measures may vary depending on the organization, security professionals generally agree on the following:
- Do not use default credentials. Your IoT-enabled security devices will come with a default set of credentials from the factory. You should change these credentials immediately.
- Go for length over complexity. Longer passwords are harder for hackers to access. Create passwords that are a minimum of 10 to 12 characters.
- Don’t use the same password for multiple devices. You should never use the same password for multiple devices or accounts. Unique passwords help reduce the risk of getting hacked.
- Avoid the most commonly used passwords. Consult a list of the most commonly used passwords. Avoid using these words or phrases when developing your own passwords.
2. Use multi-factor authentication.
Multi-factor authentication (MFA) is a relatively easy way to improve security for IoT-enabled devices. MFA allows your organization to add a layer of security when logging into IoT security devices. After typing in your password, you will be asked to provide a second form of authentication.
This second form of authentication is often tied to something the organization has. For instance, you might get a time-based pin sent to a company device. After entering the password, you will be asked to enter the pin in order to gain access to the device.
3. Routinely update your passwords.
It’s important to routinely update your passwords to prevent hackers from breaching or having constant access to your IoT security devices. But how often should you change them? While some organizations make their staff change passwords on each account or device every 30, 60, or 90 days, this may actually backfire.
Changing your passwords too frequently can actually result in reduced security, as it encourages individuals to write down passwords in order to remember them or rotate frequently used passwords, which may be more easily hacked.
Instead of putting an arbitrary time requirement on password changes, focus on changing passwords every time there is an event that may compromise security. Examples include evidence of unauthorized access to your security devices or when you’ve shared an account with someone who no longer uses the login. You should also change your passwords at least once a year, especially if you are not using multi-factor authentication.
4. Manage network access and create acceptable use policies.
One of the greatest security challenges for organizations that use IoT-enabled devices is controlling network access for connected devices. Organizations need to understand what behaviors and activities are acceptable for the connected devices, then deploy access controls that limit access without hindering activity.
Managing network privileges helps ensure that devices can operate as they were designed to while limiting their ability to conduct unauthorized activities that may compromise sensitive data. These controls also help your organization codify a baseline for expected behavior, which can help in identifying unusual or malicious behavior.
5. Include IoT activity as part of your network monitoring.
If you have an IT provider or software that provides network monitoring for your organization, you should include your IoT security devices as part of this monitoring. Every device will have a normal pattern of behavior that your networking monitoring solution can identify. If the device begins to communicate over the network in an unusual manner, it can be a sign that your system has been hacked.
Including your IoT security devices in your network monitoring will enable you to recognize unusual behavior and isolate the affected device before any of your other devices or your data are impacted.
As an experienced provider of life safety and security solutions, DSC is serious about security. Our team aims to design security solutions that integrate seamlessly into secure IT networks. To learn more about how DSC can help you improve access control and security for your IoT security devices, contact us today.
DSC
DSC : February 1, 2017
