Skip to main content

By Leandro Rodrigues *

Over the years, internet-connected devices that collect data have grown exponentially.

There is a nomenclature for this technology that stands out: IoT & ITP38220; Internet of Things & #8221;. It already exists in many people's daily lives, it is present from small appliances to fully automated industrial systems, and can be used in almost any area. The goal of everyday IoT is to increase the productivity and efficiency of businesses and employees by collecting data to help make smarter decisions.

IoT helps improve many areas, but as it works with sensitive information and data from a person and / or organization, security care is vital. One of the biggest challenges for security-focused IT is how to protect the information contained in these devices connected to a network. According to a study by Hewlett Packard, about 70% of IoT devices are vulnerable to attack. The Hewlett Packard report pointed out that credit card information, social security number and other information goes through the network without proper security. To enforce security on data collected or entered on devices that are part of IoT, some measures must be defined.

These include identifying the most vulnerable objects, as many IoT devices have limited firmware upgrades and fail encryption and authentication, among other issues. They deserve great attention as they can be the gateway to hackers.

Another measure is regular device updates, as security updates are provided by manufacturers and developers; Devices that are not up to date may have security holes that are easy for hackers to detect. Therefore, it is important that the security team be aware of new releases to implement them in appliances used in the environment.

It is also possible to perform a partial implementation of IoT as a security measure. Because it is new technology, cyber attack testing and simulations should be conducted to prepare IT staff and the organization for prompt response if needed.

Segmenting the networks you use is a way to protect sensitive corporate information. Using a Virtual Private Network (VPN) ensures that only devices authorized by IT staff have access to the network, making it easier to monitor and identify faults and vulnerabilities.

Lastly, IoT devices must be managed by constantly monitoring the information collected and how it is used. Thus, it is necessary to evaluate and determine the access levels of each analyst and to control the devices that are connected, and to reinforce the organization's information security policies.

Conclusion

Information security on IoT devices has a major impact on organizations as much of the data and information collected is sensitive.

This requires a great deal of responsibility and commitment from the organization's security team and network administrators, as mismanagement of IoT-related assets can result in the leakage of sensitive information.

* Leandro Rodrigues is an Analyst Safeway Consulting.

 

Regarding the [SAFEWAY]

SAFEWAY is an Information Security company, recognized by its customers for offering high value added solutions through Information Security projects that fully meet business needs. During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence in our clients, which constitute in large part the 100 largest companies in Brazil.

Today through more than 17 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology solutions, processes and people.

Let's make the world a safer place to live and do business!