Security tips for the Internet of Things

The Internet of Things is booming. It is predicted that by 2020 there will be more than 50 billion connected devices across the globe. That’s about 7 devices per person on the planet. Businesses and consumers are benefiting more and more from cool and modern technology; The Internet of Things is undoubtedly improving lives.

But with the rapid advancement of IoT, concerns around IoT security are becoming increasingly prevalent. Warnings about IoT security are coming from places as recognised as the FBI, and a collection of recent scandals has brought IoT security into the public eye. This is with good reason.

The impact that IoT devices have on our lives means the potential for disaster increases with every new connected device. It is quite worrying to consider that objects as seemingly innocent as your kettle could end up being a potential target for attack.

As with all other areas of cyber security, it pays to be proactive and vigilant. Here are some steps you can take to ensure the Internet of Your Things is as safe as possible.

Assess the risks in advance

It is always worth carrying out a privacy or security risk assessment in advance of embarking on any IoT project. Consider whether the device will require or collect sensitive data, and what implications could arise for the customer if the data or device becomes compromised.

Choose the right IoT provider

Once you’ve considered the data implications of your IoT device, your next task is to choose a provider that suits your needs. This decision is an important one. The great thing is that there are plenty of options to choose from, so every fledgling IoT project will have an OS that is suitable.

Question whether the provider has enough IoT experience to be able to support you and your security needs. Will they scale with your business growth and keep you secure as you expand? Will they let you use technology you already own, or will you be tied down? Will they give you flexibility over code sets, software and services? Are they part of a consortium or self-regulating body of IoT pioneers?

You can find further information about choosing an IoT provider here.

Minimise the data

The Internet of Things and data collection famously go hand in hand, but vast quantities of data, especially sensitive data, become a target for hackers. By only collecting the data that is absolutely necessary, you can minimize the risks of an attack. It is also worth taking the time to think about a well-structured data lifecycle plan to further limit the risks.

Test security before launch

This seems obvious, but it’s surprising how often this is overlooked. The rapid advancement of IoT means that speed is a priority for many companies, but it is not worth ignoring the security fundamentals. Investing in a penetration tester before going to market may cost time and money, but it is a worthwhile investment as it could be your saviour further down the line.

Continue to monitor your device

Too often devices that become superseded are neglected over time and turn into what is being coined as ‘abandonware’. Be prepared for the fact that customers will assume their devices are always going to be as secure as they were on the day of purchase. If maintaining the security for an out of date device is too much of a drain on resources, informing the consumer is of utmost importance.

In a rapidly evolving environment such as IoT, making yourself aware of the security risks is always a valuable use of time.

To read more about Windows 10 IoT security, download our IoT Security White-paper.


Microsoft Solutions