As Internet of Things (IoT) devices multiply in homes, offices, and everywhere in between, it’s time we ask if our connected devices are out of control. The proliferation of these devices presents growing risk management issues for consumers and enterprises alike. Furthering the impression that connected devices are out of the control is the fact that few companies have a handle on IoT risks.
Here are some common ways to manage IoT risk.
Scan Your Network for All IoT Devices
Managing IoT risk within an enterprise means starting with awareness. For many enterprises, awareness starts with scanning the corporate network to identify all IoT devices it touches—typically a job for the pen testing team. Learning the threat landscape can help you and your security team determine the worst case scenarios that IoT devices pose to your enterprise security.
Set Standard Requirements for Your IoT Devices
When putting IoT devices within your enterprise, it’s prudent to set documented standard security requirements. This documentation should be kept in a central location and available for reference by acquisitions/procurement, IT, and—most importantly—your security team.
Extend Your Existing Security Solutions for IoT
Rolling out IoT can dramatically increase the number of endpoints you have to protect. There’s bound to be a chance that IoT may strain the capacity of your cyber-defenses. Your IoT project team needs to work with your cybersecurity team to set up and configure new controls as needed to secure the IoT devices.
Include IoT in Your Security Policies and Training
IoT devices have snuck into more than one enterprise through either official or unofficial channels in these days of emerging technologies. Make sure that your corporate security policies reflect the implications of IoT threats to your enterprise if you have projects and initiatives that rely on IoT. If you conduct employee security awareness training, it’s time to verify that your training department or external training provider has added IoT security to the training curricula.
Add IoT to Your Corporate Claims Coverage
With increasing liability concerns, you must examine your existing insurance policies and consider changes to expand or clarify coverage for possible IoT claims, according to Risk Management Magazine. This is one of those times that the IT and business departments need to collaborate to ensure that your organization is protected against the legal liabilities that come from an IoT-related breach.
Define Ownership and Escalation Paths for IoT Security
You should already have security processes and escalation paths in place for cybersecurity, but IoT security may call for its own ownership and escalation paths to ensure that your in-house IoT experts are on the frontlines of any IoT security threats that may arise.
Engage Your Corporate Board About IoT Security
It’s also important that your corporate board talk openly about the security risks that the IoT presents, according to Security Boulevard. With security breaches dominating today’s headlines, you don’t want your IoT project to become the next headline. Therefore, engaging your board is a mark of mature security. Having the board involved can help marshal security upgrades and the needed budget for your IoT initiatives.
Final Thoughts
Concerns about IoT security risks remain at an all-time high—and well they should. Your organization’s move to the IoT needs to happen in step with fundamental changes to how you handle risk management, security training, endpoint security, and nearly every security and operations task in between to ensure your enterprise security in the IoT age.
This article was originally published in ToolBox.
