Council Post: As Technology Use Increases, So Do Vulnerabilities: Six Steps Toward Security
Chief Marketing Officer, Zebra Technologies www.zebra.com.
Getty
According to a 2018 prediction made by Juniper Research, “the total number of connected IoT (internet of things) sensors and devices is set to exceed 50 billion by 2022.” I suspect that number could substantially grow now that technology is the way by which we work, shop, see the doctor and socialize.
Increased utilization of connected devices across every aspect of our personal and professional lives leaves us, the companies for which we work, the customers we serve, the services we use and even our families, vulnerable to bad actors. Every device connected to a network — whether a smartphone, printer, TV, toaster or coffee maker — is a potential point of data vulnerability, as they all serve as sources of intelligence about us as individuals or family/organizational units. That’s why we must take measured steps to secure devices we power on to protect sensitive data captured, stored or shared by those who use our devices and networks.
What does ‘security’ mean today?
Many companies are struggling to lock down their networks as our dependency on connected devices increases. It is becoming even more of a challenge now that much of the workforce is decentralized, signing in from home offices, based on social distancing measures.
At Zebra, our “2019 Intelligent Enterprise Index,” which surveyed 950 IT decision makers, found that “62% of enterprises are now constantly monitoring their IoT security to ensure system integrity and data privacy.” We need to get that number up to 100%.
But how? And is this even possible? Can every “thing” that’s connected to the internet be protected from complex threats and data vulnerability?
While we may not have all these answers yet, we should maximize the use of the many different security tools available. We have helped customers globally deploy millions of connected devices, and what we’ve learned is that flexibility, frequency and foresight are the keys to building and maintaining strong defenses. Security should never be an afterthought.
Sometimes, improving security is as simple as a setting change.
When securing your smartphone, you probably go into the settings and turn on the factory-installed virus scan, multifactor authentication and password protection features. You might even tighten accessibility and data-sharing permissions for individual apps.
But when was the last time you did the same for your printer? Fixed thermal printers, used in hospitals, stores, warehouses, manufacturing plants and even home offices, can be points of vulnerability, as can any other printer connected to a network. In most cases, you can secure printer connections, block unwanted access and ensure data and infrastructure are protected by properly configuring the setting options built into its operating system.
When it comes to locking down mobile computing devices, such as handhelds, tablets, two-in-one devices, scanners or wearables, the first thing you should do is take advantage of the manufacturers’ security offerings. For personal devices, these will be factory-installed device features under the security settings menu. For enterprise-grade devices, the security tool set may be a combination of “factory” features and security software add-ons.
Which security management strategy is right for you?
You must remember safeguarding data and networks is a constant battle requiring a proactive approach and multiple layers of protection. You can develop and execute an airtight security strategy, but you must constantly adapt because the security risks are constantly changing. This is true for personal devices and company-owned or managed technologies.
Smaller businesses without the resources to thoroughly manage security internally should look for a trusted partner with proactive monitoring and device management capabilities. You should assign someone to monitor the security notifications sent out by device manufacturers, app developers and those who own the operating system and adopt this as a best practice for managing your personal devices.
Here are six steps applicable to most devices:
1. Encrypt all connections. It’s common to apply password and encryption technology to wirelessly connected devices, but your wired/Ethernet-connected devices may also need encrypted or authenticated connections depending on the type of information they handle.
2. Rotate credentials. Treat devices as you would any person logging into your network. Use a credential and authentication system to ensure the devices on the network are authorized to be there. Rotate passwords, keys and credentials for all devices, including printers. Centralized device management can make this process easy.
3. Protect access. Many devices sit out in open areas, with access to their settings open for all to use. Activating a simple, front-panel password system is one way to deter misuse.
4. Monitor communication methods. Consider using a remote device management system for administrator access to company-owned devices versus the traditional, riskier web page, File Transfer Protocol (FTP), Simple Network Management Protocol (SNMP) or Simple Mail Transfer Protocol (SMTP) services.
5. (Quietly) perform regular updates via remote management systems. Regular updates are a hallmark of a well-maintained system, but not everyone needs to know the update/scope schedule.
6. Keep track of your devices. Always ensure you can see which devices are active on your network. You should be alerted when devices miss “check-in” times and have the means to automatically withdraw device credentials until the status is determined.
Finally, plan early for new devices and device retirement. Know how you’ll lock down and maintain devices before they’re connected — perhaps even before they’re purchased. And know how you’ll delete stored files and settings, withdraw credentials and user accounts, and ensure systems won’t continue to search for or attempt to use the retired devices.
The best way to mitigate data breach risks in our always-connected lives is to constantly evolve your defense strategies. Take time to adjust security settings on a regular schedule, just as you routinely change the oil in your car, and patch equipment immediately when new updates become available. These small efforts can pay off in a big way.
Forbes Communications Council is an invitation-only community for executives in successful public relations, media strategy, creative and advertising agencies. Do I qualify?
Gloss