How to mitigate and avoid IoT Risks?

  • Create a separate network for IoT devices, apart from important machines like PCs and laptops:

If a hacker manages to break into the IoT network, they will still not be able to hop onto the network to which our PCs and smartphones are connected, since the two are segregated physically. In particular, it is recommended to use different routers or split the network, to secure the router with a strong password, and to keep its firmware up to date with regular vulnerability patches.

  • Limit which devices need to be connected online and when:

Do the smart speakers need to be turned on at night when everybody is asleep? Is the smart coffee maker needed once we have had our coffee? In industries and factories, do the smart sensors need to be on when the machinery is not running and the workers have gone home? Whenever we add a new IoT device to the network, we need to consider whether it must be online all the time or only when required, thereby limiting the scope for that device to be hijacked for nefarious purposes.

  • Use strong, unique passwords and enable MFA wherever possible:

Passwords act as the first gateway when a hacker is deliberately trying to enter a network or attack it. Passwords therefore need to be strong and unique so that brute-force attacks (although not common) cannot crack them. Storing passwords in plain text on machines should also be avoided. If the passwords for different machines are hard to remember, we should use a password manager. Always enable multi-factor authentication wherever possible to add an extra layer of safety against breaches.

  • Security Patches and Vulnerability updates:

It is recommended to keep all IoT device firmware and software at the latest patch level or security level, and to update the configuration whenever the latest update adds a new security feature. Keeping the firewalls and network route tables behind a secure interface helps protect against network-related breaches.
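
The first two recommendations (a separate IoT network, and limited online hours) can be checked against connection logs from the router or firewall. The Python script below is an added example, not code from the original article; the subnets, device addresses, online windows and flow records are all constructed assumptions.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Assumed addressing plan (constructed for this example).
IOT_NET = ip_network("192.168.20.0/24")      # IoT-only network
TRUSTED_NET = ip_network("192.168.10.0/24")  # PCs, laptops, smartphones

# Assumed per-device online windows (start, end) in local time; constructed.
ONLINE_WINDOWS = {
    "192.168.20.11": (time(6, 0), time(23, 0)),  # smart speaker
    "192.168.20.12": (time(6, 0), time(9, 0)),   # smart coffee maker
}

class Flow(NamedTuple):
    ts: datetime  # when the connection was initiated
    src: str      # initiator address
    dst: str      # responder address

def in_window(t: time, start: time, end: time) -> bool:
    """True if t is inside [start, end); handles windows that wrap past midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end

def audit(flows):
    """Return (flow, reason) pairs for IoT-initiated flows that break either rule."""
    findings = []
    for f in flows:
        src, dst = ip_address(f.src), ip_address(f.dst)
        if src not in IOT_NET:
            continue  # only traffic started by IoT devices is in scope
        if dst in TRUSTED_NET:
            findings.append((f, "iot-to-trusted"))
        window = ONLINE_WINDOWS.get(f.src)
        if window and not in_window(f.ts.time(), *window):
            findings.append((f, "outside-online-window"))
    return findings

# Constructed sample flow records.
SAMPLE_FLOWS = [
    Flow(datetime(2024, 1, 8, 7, 30), "192.168.20.12", "203.0.113.5"),   # allowed
    Flow(datetime(2024, 1, 8, 2, 15), "192.168.20.11", "203.0.113.9"),   # speaker at night
    Flow(datetime(2024, 1, 8, 8, 0), "192.168.20.12", "192.168.10.4"),   # crosses segments
    Flow(datetime(2024, 1, 8, 14, 0), "192.168.10.4", "192.168.20.11"),  # not IoT-initiated
]
if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"{flow.ts:%Y-%m-%d %H:%M} {flow.src} -> {flow.dst}: {reason}")
```

A finding of "iot-to-trusted" means the segregation is not being enforced; "outside-online-window" means a device is reachable at a time it was meant to be off.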
