Ensuring IoT security during a pandemic
Now more than ever, consumers, healthcare providers, government and businesses are relying on the power and connectivity of IoT devices to help combat the spread of COVID-19. From tracking ambulances to leveraging contact tracing to identify where possibly infected individuals have travelled, IoT plays a vital role. However, these are also datasets that can be compromised if not securely protected.
In this new reality, employers of all types must apply a careful balance as they grapple with an appropriate public health response to the escalating health crisis. Though networked and intelligent devices add convenience and help us track a myriad processes and information, they remain vulnerable to cyberattacks and other failures. For example, the use of connected personal devices to track infected patients, such as IoT thermometers, entails intrinsic data protection obligations and security measures.
As the U.S. reopens and we rely more on these connected devices to help us return to work, it is critical that business and health organizations who leverage this technology have a plan in place to not only protect the network the devices are connected to, but the data they share.
In some cases, computing devices wired to transfer data over the global IoT network have been part of establishing and sustaining the share of information. But the risks associated with connected devices and apps, particularly security, privacy and safety, can compromise reliability and trustworthiness when used for the first time or in new ways. To ensure IoT security, organizations should consider implementing the following protocols:
- Networking. Users’ connectivity should be established to ensure they have both the speed and quality of connection required.
- Attacks. Hover over links to ascertain the validity of an email address. Make sure to not click on emails from senders you’re not familiar with and have an overall zero-trust view of internet-originated traffic communications now more than ever.
- Passwords. Include display timeouts, lock screens, PIN codes, and biometrics security settings where possible.
- Encryption. Additional encryption functionality, such as email encryption or secure file transfer facilities, should be used to ensure that data is secured, whether at rest, in transit, being shared or in use.
- Backups. Have a comprehensive duplicate data protection program in place, regardless of where it resides.
- Software Patching. Consider switching employee or client device settings as remote work will extend for longer periods of time for different regions of the company.
- Identity and Privilege Access Management. The use of an identity provider is recommended because this ensures a centralized management portal to administer users and to enable advanced security features, such as multifactor authentication, policy management, and account and application provisioning and reporting.
- Hygiene. Personal hygiene is particularly key at this moment in history for everyone, but it also applies to the devices that individuals and organizations are using to resume in-office operations.
- Policy management. Organizations should consider cloud-based policy management platforms to enforce security, data protection and other related policies, as well as to ensure they are in a position to report on those areas.
Beyond those important steps to keep your team functioning while being forced to work remotely, it is important to share information about secure computing and network use with your employees who may be new to working from home.
Responding to, mitigating and recovering from this widespread crisis will require extraordinary strength, significant resources, solidarity and a collective effort from employers and governments. For most of us, simply maintaining routine work and home life is a daily experiment right now.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.