The next big wave of cyber attacks may come from the millions of Internet of Things devices out there. If you’re making or deploying IoT devices you need to up your security plan.
Security is not an add-on feature; it must be built into the foundation of any given device. The level of security held by a device is derived from both the architecture and coding choices made by developers. This is particularly important to keep in mind when working in IoT as a lot of security choices need to be made with the platform in mind. Commonly used security techniques, such as encryption, may be challenging for devices with little processing power.
A good way to start is by following the security practices defined by the Open Web Application Security Project (OWASP). OWASP guidelines include information about secure coding and firewall use in addition to application interface best practices.
Here are the top five things companies can do to secure IoT:
- Build security into devices from the beginning. Don’t tack it on at the last moment before you ship.
- Limit data collection. Only collect the data needed to provide a service and only keep it for a limited period of time.
- Limit what data can be accessed. An unauthorised person should not be able to get into customers’ device data. And require strong authentication before allowing devices to interact with each other.
- Hold your contractors to your security standard. Only hire outside providers that deliver reasonable security and allow for reasonable oversight by you.
- Monitor and patch. Don’t just assume the device is fine after you sell it. Keep tabs on the health of devices and provide patches promptly for known risks.
These are just a few of the things you can do to keep your IoT products from being misused.