Internet of Things Tip Sheet

The Internet of Things (IoT) is the term used to describe the network of physical devices connected over the Internet. Cars, fitness trackers, wearables, appliances, lightbulbs, smart speakers, and any devices that have sensors and can exchange data with other machines in the network are examples of IoT. The cybersecurity of such information may be vulnerable to a potential cyber-attack once the device is connected to the Internet.

Compromised IoT devices with poorly secured connections can be turned by attackers into a botnet allowing them access to other devices and machines. The cybersecurity of IoT is important for small and medium-sized companies doing business with the Department of Defense (DoD) or meeting compliance with NIST SP 800-171 or CMMC frameworks. It brings trust of your partners and enables technological innovations and advances within your organization. “Do Your Part. #BeCyberSmart” and support the National CyberSecurity Awareness Month (NCSAM) with CyberNINES. Take these simple steps to secure your home and work IoT devices:

  1. Ensure strong password security. IoT devices often come with factory default or weak passwords. According to NIST guidance, you should consider using the longest password or passphrase permissible. Choose unique or complex passwords different for each device.
  2. Secure your network. You should change factory-set password and username on your Wi-Fi network. Consider also placing your IoT devices on a separate and dedicated network.
  3. Keep tabs on your apps. Most connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use. Learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.
  4. Connect carefully. Don’t forget “If You Connect IT, Protect IT.” Verify if your IoT device needs to be connected to Internet all the time, and whether the automatic updates are enabled to the latest security software, web browser, and operating systems. Make sure to apply relevant patches as soon as possible to protect your devices.
  5. Evaluate your security settings. IoT devices can offer a variety of features that you can tailor to meet your needs and requirements. However, enabling some features for your convenience may leave you more vulnerable to cyber-attacks. Always examine the device security settings and select options that meet your needs without putting you at increased risk. If you install a patch or a new version of software, or if you become aware of something that might affect your device, reevaluate your settings to make sure they are still appropriate.

Find this and other useful information at https://www.cisa.gov/cisa-cybersecurity-resources.

If you are looking for help with your organization’s cybersecurity assessment or meeting compliance with NIST SP 800-171 or CMMC, please contact us.