The rise of connected IoT (Internet of Things) devices has been great for commercial real estate owners who want advance their building’s technological offerings with things like motion sensors, automatic lighting and door locks, better security cameras and remote thermostat controls. Unfortunately, the rise of connected IoT devices has also led to increased security risks, IT media site Tech Guidance reports.
An OpenDNS IoT study showed that 23 percent of its respondents said they had no mitigating controls to prevent unauthorized device access in their company’s networks. This means that the standard methods of securing end point devices won’t be sufficient in this IoT era. The more connected devices that join a company’s network, the greater the need is to invest in security solutions.
Current IoT security risks
IoT has become more critical to business functions like fleet management, retail and manufacturing. Employees in these industries, and others, bring their own IoT devices such cell phones, tablets and wearables to work and put them on their company’s network. These personal devices only create more vulnerable endpoint for tenants and lead to security risks like ransomware, data breaches, spyware and data influx.
There are a number of reasons why IoT devices are hurting network security. First, IoT devices are missing basic security requirements. They also come with a lot of standards and protocols that can create security blind spots. Plus, with so many IoT deployments happening every day, it’s hard to keep watch of every potential security threat. Finally, there’s a shortage of internal responsibility when it comes to IoT, privacy and security, according to Tech Guidance.
What to look for in your existing security measures
Looking at your current IoT security practices is one way to reduce future threats. Some things companies should look into as they access their security include their current BYOD (bring your own device) policy, their current investment strategy for upgrading and enhancing security for the organization, the amount of remote employees it has, if the main source of security is an internal hardware system and the safeguards that are in place to secure and limit data exposure when transmitting and receiving.
How CRE owners and companies can minimize risks
A lot of connected devices weren’t built with a security-first approach, according to Tech Guidance. That means the Wi-Fi router that a small business relies on does not have current firmware. Meanwhile, it’s questionable if the traditional hardware security, corporate firewalls, UTM (United Threat Management) and routers are enough to protect endpoints on the LAN (local area network).
Right now, there are too many endpoints to monitor, and that won’t change as more IoT devices join a company’s network. The increased volume of devices will allow too many alerts to circumvent firewall and routers, and at some point a company’s IT team won’t have the resources, time or attention to decide what alerts are important and which ones it can let go.
Instead, security needs to be handled virtually in a place where these security alerts can be properly filtered out and identified so it can be determined if a threat is critical and needs attention. Tech Guidance recommended some of the following solutions to help businesses and building owners protect themselves:
• UTM solutions that protect the WAN and LAN
• Network-based security
• Managed security solutions
• IoT device-specific security measures like authentication and encryption
• Threat intelligence and analysis
“An alternate route would be to leverage an MSP (Managed Service Provider) that provides both thought leadership and the management of the entire environment,” Tech Guidance wrote.