Many utilities are exploring IoT devices in a connected world to improve visibility of their network and equipment, reduce costs and emissions and improve resiliency. However connecting everything together necessarily introduces vulnerabilities. With cyber crime at an all-time high, how should companies protect their IoT devices?
IoT devices have become part of the utilities landscape recent years. But this exponential growth of smart devices has multiplied IoT security threats. Hackers are increasingly targeting IoT equipment to install malware, steal data, or to use them in botnets.
So here are some IoT device security best practices to be aware of and implement.
Â
1. Choose Security Verified Devices from Reputable Companies
There are a lot of different devices on the market. Some are very good, and some...less trustworthy. It is important to ensure that the vendor of the equipment has a strong and continuing focus on best security practice. You do not want to purchase units with some kind of deliberate or unintentional “backdoor” that hackers can use to infiltrate your systems.
Â
2. Utilize a Zero Trust Security Model
Normally when a user engages with a device they only need to be verified and authenticated once. In a IoT world it is best to adopt a “Zero Trust Security Model” – that is, each IoT device and user will be verified and authenticated whenever they try to connect to an IoT network. That way, you ensure everyone is who they say they are, and every device is authentic.
Â
3. Enable MFA Whenever Possible
Multi-factor authentication (MFA) is an authentication method that requires a user to provide two or more factors to gain access to a device. For example, instead of asking for only the username and password, the authentication server could ask for an additional factor like one-time passcode to grant access to the device. If your IoT devices support MFA, it is important to implement it. Doing so will add an extra layer of security.
Â
4. Segmented Networks for Better Access Control
Another safety procedure is to break up large networks into smaller ones, so they can have firewalls between them and operate independently, while always able to communicate. So if one suffers a breach, it can be shut down without compromising the whole network. Network segmentation makes it difficult for threat actors to move laterally in the network and cause a lot of damage.
Â
5. Keep Your Devices Up to Date
Unpatched vulnerabilities can be an entry point for malicious entities. Install all firmware updates as soon as they are available, and ensure you're downloading updates from the device manufacturers' websites. Use automatic updating where possible. So Malicious actors cannot exploit known vulnerabilities. It is also a good policy to update any default privacy, password and security settings.
Â
6. Disable Unused Features
Disabling unused features on your IoT devices is another way to protect your connected devices from hackers. IoT devices come with a range of features, and you may not use all those features. For example, some devices might have a built-in communications system that does not interface with your company's devices.
If you activate all the available features and services on devices, it increases the attack surface, so that threat actors will have more opportunities to exploit vulnerabilities in the IoT platforms.
Â
Overall, it is also important to have overlapping categories of security: for example your in-house ICT department, an external security consulting firm, as well as liasing with cyber law enforcement such as the FBI and other security leadership bodies.