With great power, however, come great security threats: IoT devices can lack protected systems, can connect to many different networks, and can ultimately be an easy entry point for bad actors to reach much larger, more valuable systems.
As a security integrator, how can you ensure that your clients and their employees are making the most of this powerful new technology, while also keeping them safe in the knowledge that their systems are protected as best as can be?
Segregating surveillance and IoT networks
In an IoT world, keeping customers safe means keeping networks segregated. With more entry points now connected to the network from the myriad of devices, there are far more opportunities for bad actors to gain access.
Network segmentation requires separating out different kinds of network traffic and isolating them from one another. This means that if malicious software or defective devices do connect, they infect only the segment that contains them.
When considering how to segregate your own or your client’s network, consider how to cluster the network into segments and design it so that each segment is isolated from the others without negatively affecting the flow of work at the business. For example, the guest wireless network could be isolated from customer databases, as they do not need to interact; the energy use-monitoring sensors could be isolated from the employee Wi-Fi.
Implementing best security practices
The rise of IoT can mean an entirely new approach to security, though some of the best practices in cybersecurity as a whole can be adapted and modernized to IoT.
For example, mapping the devices across an organization is key, especially as the number of IoT devices increases. Knowing what is being used where, for what, and by whom is essential to designing policies and network segmentation that reflect the day-to-day activity of your client’s business.
Monitoring the network for suspicious activity is also crucial, as is flagging the points and devices in the network that seem more problematic or less predictable, in order to prevent cyber threats.
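The following is an added example, not part of the original article, of checking observed traffic against a segmentation plan like the one described above: it maps each address to a segment, applies default deny between segments, and flags addresses missing from the device map. The segment address ranges, the allow-list, and the flow records are constructed assumptions; only the segment names follow the article's examples.

```python
import ipaddress

# Constructed segmentation plan: names follow the article's examples,
# address ranges are assumptions for illustration.
SEGMENTS = {
    "guest_wifi":     ipaddress.ip_network("10.10.0.0/24"),
    "employee_wifi":  ipaddress.ip_network("10.20.0.0/24"),
    "energy_sensors": ipaddress.ip_network("10.30.0.0/24"),
    "customer_db":    ipaddress.ip_network("10.40.0.0/28"),
    "surveillance":   ipaddress.ip_network("10.50.0.0/24"),
}

# Default deny between segments; only these (source, destination) pairs may talk.
ALLOWED = {("employee_wifi", "customer_db")}


def segment_of(addr):
    """Return the segment name containing addr, or None if it is unmapped."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def audit_flows(flows):
    """Return (src, dst, reason) for every flow that breaks the plan."""
    findings = []
    for src, dst in flows:
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None:
            findings.append((src, dst, "unmapped address"))
        elif s != d and (s, d) not in ALLOWED:
            findings.append((src, dst, f"{s} -> {d} not permitted"))
    return findings


# Constructed flow records (source, destination), e.g. exported from a firewall log.
SAMPLE_FLOWS = [
    ("10.20.0.15", "10.40.0.5"),     # employee laptop to customer database: allowed
    ("10.10.0.77", "10.40.0.5"),     # guest device to customer database: violation
    ("10.30.0.9", "10.20.0.15"),     # energy sensor to employee laptop: violation
    ("10.50.0.3", "10.50.0.10"),     # camera to recorder, same segment: allowed
    ("192.168.1.50", "10.50.0.10"),  # address absent from the device map: flagged
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

Any finding means either that the firewall rules do not enforce the intended isolation or that the device map is out of date.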
Regular updates across the network ensure that the latest software, along with its fixes, is in place. The devices themselves can also provide extra protection with built-in security mechanisms, or even just stronger passwords, and keeping these under control and regularly checked is another best practice for avoiding threats as much as possible.
Helping customers understand the risks involved
Your customer may be a business that has few IT personnel, and so educating the workforce may require making the effort to bring to life many aspects of cybersecurity – from the importance of unique passwords and avoiding plugging in rogue USB devices, to understanding the implications of connecting personal devices to the company network and the social engineering tactics of more mature cybercriminals.
It’s not always easy to immediately internalize how important individual behavior is to cybersecurity threats, and so the task of the security integrator lies not just in network design and connection, but also in educating clients on how to protect the broader business through employee actions. Showcasing case studies and examples can be a powerful way of adapting messaging to a non-expert audience and can help communications about cybersecurity stick.
As a starting point, we’ve created a Cybersecurity Hygiene eBook, with a basic overview of common security threats and best practices for your clients (and your business too), that you can download here.