Page 12 - Security Today, January/February 2020

A Professional’s Guide
Helping end users get – and stay – cyber secure in the IoT era
By Ryan Zatolokin
The interconnectivity and integrations created by the Internet of Things (IoT) deliver many benefits, but because all devices and systems can be vulnerable to breaches, this hyperconnectivity can also have a major downside.
As demonstrated by each publicized data breach, the need to protect network devices and systems from unauthorized and unwanted intrusion has never been greater. The results of these breaches can be catastrophic, ranging from loss of customer confidence to business closure or even legal action. As a result, cybersecurity must be a top priority for everyone, particularly in the IoT world.
Thankfully, integrators and other security professionals can play an important role in cybersecurity by following a number of strategies and best practices to make sure their customers’ systems are protected both at the time of deployment and on an ongoing basis.
Password Management
Practically all devices, whether for security or other purposes, come with default passwords. Because these defaults are well-known and readily available on the Internet, it is imperative that all devices are deployed with new passwords. But simply changing the password is not enough; it is imperative that chosen passwords are difficult to crack.
Creating a strong password is a simple thing to do, but unfortunately, it is often overlooked in favor of more complex technologies and practices to protect a system. However, a strong, unique password is more than a great first step in cybersecurity–it is the easiest way to prevent unauthorized access to a system.
Legislation, such as California’s SB-327, is driving change and helping to do away with weak default passwords. A device must have either a strong unique password by default or force you to change the password when the device is turned on for the first time. Some manufacturers have changed their firmware to accommodate these new requirements, with several being “secure by default,” meaning no services will work until the password is set.
For the highest level of protection, passwords should have no fewer than eight characters (a mix of upper and lowercase letters, numbers and symbols) and should not include words that would normally be found in a dictionary. Consider using passphrases, such as a made-up sentence, to help remember increasingly complex passwords.
Once passwords are in place, it also is important to change them regularly, especially if a number of people have access to a system. Depending on the size of the customer’s organization, either integrators ensure passwords are regularly changed under an extended service agreement, or this can be handled by the end user’s IT department.
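The checks this section describes (no factory defaults, at least eight characters, all four character types, no dictionary words) can be run over a device list before handover. The following is an added example, not code from the article or from any vendor tool; the function names are hypothetical, and the default list, word list and inventory are small constructed samples.

```python
import re

# Constructed samples: a real check would load vendor default-credential
# lists and a full word list instead of these few entries.
KNOWN_DEFAULTS = {"admin", "password", "12345", "root", "pass"}
DICTIONARY = {"password", "camera", "admin", "security", "welcome", "office"}
CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}
# Undo common character swaps so "P@ssw0rd" is still read as "password".
SWAPS = str.maketrans("@013$5", "aoiess")


def password_findings(password):
    """Return the list of rule violations; an empty list means it passes."""
    findings = []
    if password.lower() in KNOWN_DEFAULTS:
        findings.append("known default")
    if len(password) < 8:
        findings.append("fewer than 8 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            findings.append(f"no {name}")
    normalized = password.lower().translate(SWAPS)
    hits = sorted(word for word in DICTIONARY if word in normalized)
    if hits:
        findings.append("contains dictionary word: " + ", ".join(hits))
    return findings


def audit_inventory(devices):
    """Map device name -> findings for each device whose password fails."""
    report = {name: password_findings(pw) for name, pw in devices}
    return {name: found for name, found in report.items() if found}


# Constructed inventory: (device name, configured password).
INVENTORY = [
    ("lobby-cam-01", "admin"),
    ("dock-cam-02", "C@mera2020!"),
    ("nvr-01", "tR7#vq!2Lp"),
]

if __name__ == "__main__":
    for device, findings in audit_inventory(INVENTORY).items():
        print(f"{device}: {'; '.join(findings)}")
```

The second device shows why the dictionary rule matters: its password meets the length and character-type rules and still fails because it is built on a common word.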
Device Selection and Deployment
Long before passwords even need to be considered, strong cy-