In the third segment of this series (Part 3), we took an expanded look at relevant examples of threats posed by unsecured IoT devices and delved, if only for a moment, into the heads of the bad actors. In this last segment, Part 4, we’ll cover several steps you can take at home and in your business to greatly reduce the risks associated with IoT, so that you can become a cautious IoT embracer. Let’s continue…
The Basic Steps You Can Take at Home…
Using just the above examples, we could fill many whiteboards with attack profiles and scenarios, line diagrams, and pathways to potentially catastrophic damage. We need this type of out-of-the-box thinking to get inside the heads of bad actors and anticipate what they are thinking, so that we understand how they operate and adapt. While it is unreasonable to expect home users to implement the advanced security technology found in commercial business networks, there are some very good basic steps that everyone can and should consider to ensure their security.
A good first step for home users is to lock down the internet gateway (the router): restrict access with a complex password, disable external remote management ports, disable the DMZ function if you don’t need one, apply the latest security firmware updates, and restrict inbound ports to only those that you really need. Also, disable inbound ICMP requests (we call these ping requests) so that your router doesn’t respond to pings from the outside. This provides a level of stealth, since a ping request is among the first steps a bad actor takes to determine which IP addresses are responsive. You should also buy and install good anti-virus/anti-malware software on all of your PCs, and keep it enabled and always up to date. Finally, consider configuring a password on your devices that share files (e.g. media, file servers, home PCs, etc.).
The Steps Your Corporate IT Can Take…
In the corporate world, the perimeter is structured a bit differently, but some of the concepts around routers, firewalls, and perimeters are relatively similar. But, with mobile devices, BYOD, and other modes of employees interacting with corporate resources, we hope you’ll apply our principles for zero-trust.
What is zero-trust and how can this approach increase my mobile device adoption confidence while radically improving security?
Blurb on zero-trust.
Catapult Can Help You. Spyglass Can Manage It With You!
Catapult experts leverage Microsoft tools such as Intune, Enterprise Mobility + Security, Advanced Threat Analytics, Azure AD Premium, Azure Information Protection, and Office 365 to help several hundred customers apply a zero-trust approach across their enterprises, empowering their employees and business partners to do more, from anywhere, with greater security. Besides technical expertise from thousands of digital transformation projects for customers, we bring our core values to the table:
- We deliver on our promises. Every time.
- We do everything as a unified Catapult team to ensure our customers benefit from the experience and expertise of our whole company.
- We’re easy to work with; our flexibility exceeds expectations.
Lastly, it is important to try to maintain a current and reasonable awareness of emerging potential security threats and what you can do to minimize them. For example, news of recent phishing attacks has been shared on the internet, local news and mainstream media. Remember not to click on links contained in messages from people you don’t know. Even when someone you know sends an obscure message containing a link or attachment, think twice about clicking it, since their PC could be compromised and potentially trying to spread malware to you and others.
With respect to security and the Internet of Things, I consider myself a “cautious IoT embracer”, which means I try to understand and answer as many of the questions presented here as possible to understand the risks, and adapt my security countermeasures to manage them. Good security and IoT can and will coexist. We just need to think creatively and thoroughly as we embrace both.
I hope you enjoyed this series and found it helpful.
Till next time,