Risk Management for IoT Security Breaches

By November 15, 2017 No Comments

Internet of Things (IoT) breaches are becoming more prevalent in industries across the board. The “things” in IoT refers to devices – besides computers, hard drives and servers – that can connect to a network, such as your alarm system, a refrigerator, a car with built-in sensors or even an implanted heart monitoring device. The idea of the Internet of Things is that many everyday electronics are connected to a network along with computers. Now, online risk management and security strategies must include these “things” to completely protect a company.

The issue is that manufacturers of IoT products use mass production techniques to get their devices to market quickly, and they often rely on cheap hardware and outdated operating systems to speed up the process. As a result, these products come with inherent security risks.

In other words, cyber attacks via IoT devices are fairly easy for a hacker to create – but they can be very difficult and costly to fix. According to the recent Altman Vilandrie Report, about half of surveyed companies reported that they had suffered an IoT attack, and many of them experienced anywhere from $250,000 to $20 million in financial losses, depending on the size of the company.

There is also the risk that certain IoT systems, such as heart and vital monitors used in hospitals, can be hacked, causing them to malfunction and endanger people’s lives.

Companies that regularly use IoT devices should be especially careful to protect their employees and their data and should follow these best practices:

  1. Properly configure IoT devices. Proper configuration is the key to securing IoT devices right off the bat. A must for companies who have frequent visits from non-employees is to set up any IoT devices on a separate network with a unique password so outsiders can’t access the core network through one of these devices.

We also suggest changing certain settings, such as turning off “Universal Plug and Play,” a common feature on many IoT devices that are meant to connect with other devices, such as a wireless printer to a computer. That setting makes devices automatically discoverable and allows them to access information about each other, which creates a simple way for a skilled hacker to access a system. Just one misconfigured device can put an entire company’s data in jeopardy.

  1. Implement robust policies and procedures. A company’s IT personnel must be aware of all IoT devices and how they’re accessing the company network. Are they connected to the primary network or the secondary/guest network? If they are connected to the primary network, are they able to access the same data as a company computer?

It’s important to establish IoT guidelines, such as whether employees can use personal IoT devices in the office and if so, how they should get their devices approved. Communicate these policies to all employees and help them understand the key role they play in protecting the company.

  1. Monitor for breaches. When a user circumvents the written policy, or an outsider gains network access through a device, the security team must have the visibility to catch it. Make sure the company’s security platform is up to date and scanning IoT devices as part of its regular processes. Also, use an Intrusion Detection System (IDS) to help catch suspicious activity in your network.

As IoT devices become increasingly more prevalent in the workplace, the risk of a cyber attack will only continue to rise. Don’t wait for disaster to strike – take the appropriate risk management steps now to protect your company and its data.

For more information on how to prevent an IoT breach, contact us at or 615-499-7600.

Leave a Reply