Why Small Businesses Need to Be Vigilant About IoT Security Too
The Internet-of-Things (IoT) is revolutionizing markets and businesses today. Manufacturers are reaping the benefits of having interconnected devices. According to McKinsey, the use of IoT in factories will create as much as $3.7 trillion in value by 2025.
But IoT isn’t just for large industries. Small businesses also stand to gain much from looking into the developments in IoT. They should be exploring how smart devices can help them become more effective and competitive. Developments in smart devices already cover plenty of use cases for retail, offices, and homes.
It doesn’t take much investment to be part of this IoT revolution. It’s now common for any hardware or appliance to support some form of internet connectivity. Many may not realize it but the use of wireless printers and radio frequency IDs can already qualify as IoT adoption. The “cooler” technologies like those offered by Nest and SmartThings are now available to the mass market.
Installing smart thermostats, light bulbs, and locks can give businesses a sense of progress. Who wouldn’t want to be part of organizations that keep up with the times? This can be good for staff morale and good for their image. Besides, these things do help save on energy costs and keep premises physically secure.
However, small businesses must also consider the possible vulnerabilities that these devices can introduce even to small office networks. The threat of cyberattacks is real and rampant and these devices are yet another avenue that malicious actors can exploit.
It would pay for these businesses to be vigilant when using IoT devices in their workplaces.
No such thing as too small
Even without IoT, cybersecurity is already a major concern for small businesses. Malware typically target small businesses since they are easy prey. Most fall victim to attacks. 58% of malware victims are classified as small businesses.
It’s understandable why this is the case. Smaller operations typically don’t have access to enterprise-level security. Such protection can be costly and requires technical know-how. They also tend to use lower-spec devices which may not have the proper security features. They also don’t have full-time IT departments or personnel to manage security.
Their staff may not also be trained to apply the best practices in technology use. Untrained end users are likely to commit errors or cause incidences like inadvertently downloading and installing malware from their office devices. Small businesses are also likely to pay the ransom from ransomware attacks (malware that locks legitimate users out of their devices for extortion).
What’s worse is that 87% of small business owners don’t feel that they’re even at risk of being attacked. Yet, they stand the most to lose when attacks do happen. Small to medium enterprises in the US lose $75 billion a year to ransomware. 1 in 5 businesses also shutter its doors after getting hacked.
This, however, shouldn’t discourage small businesses from adopting IoT adoption entirely. All technology projects carry some form of risk. This should just serve as a reminder to be extra vigilant.
Beefing up security
There are ways for businesses to still enjoy the benefits of IoT devices while minimizing security risks. It doesn’t take much investment or effort to cover the essential security concerns. Here are measures businesses can take to secure their networks:
Invest in good devices. Don’t skimp on the quality of devices. There are plenty of low-cost devices flooding the market these days. But these off-brand devices may lack the essential security features to thwart attacks. They may also not have active development that would ensure support over the lifetime of the device. Stick to those that have features like access control, firmware upgrades, and data protection and offer guaranteed support. Nest, for example, keeps devices updated automatically as long as they’re online.
Change the default administrator access. Many devices come out of the box with easy-to-access administrator credentials. For example, they often have username and password combinations like “admin/1234.” Even popular network devices like routers are wont to have such default settings. This is among the most common ways attackers and malware gain access to devices. Change the credentials to hard-to-guess passphrases and keep these credentials secure.
Keep devices up-to-date. Another way an attacker tries to gain access is by exploiting known vulnerabilities in the device’s code. It’s critical to keep devices running on their latest firmware and software. Managing multiple devices can be made easier by using remote management services. Not only could such tools help companies become more efficient in managing numerous devices but these also ensure that device vulnerabilities are always patched properly.
Train staff on proper use. Educate staff on proper use of devices and general cybersecurity best practices. Even ensuring that they don’t just write down account credentials on Post-It notes is a positive step towards securing the workplace. The US Small Business Administration has a free online course that business owners and staff could take to orient themselves on ways to keep workplaces’ networks secure.
Benefits outweigh the effort
IoT adoption can bring many benefits for a small business. Energy management devices do help save on energy costs. Security cameras and smart locks help owners have a watchful eye on their offices and stores.
Retailers could even automate their supply management and stock keeping through point-of-sale scanners and RF trackers. These make businesses run more efficiently and effectively. Making an effort to have security measures in place is all but a small price to pay when adopting any form of technology including IoT.
If you enjoyed this blog, read this one next: Spear Phishers Love Small Businesses
This blog is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. CenturyLink does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user.