The overwhelming priority right now is for us all to focus on public health and saving lives.
We also need to make sure we protect ourselves in other ways and that we do not become complacent about cyber security. Our online habits have changed dramatically in recent weeks and we need to be extra vigilant. Bad actors will see the pandemic as a new opportunity to exploit us, for example to defraud, extort or simply spy on us.
Some of these new attacks will try to exploit our concerns about the virus by getting unsuspecting targets to click on bad links. Other unscrupulous actors see the opportunity to attack our health, business and financial systems – they simply do not relent, especially in times of crisis.
IoTSF stands alongside kindred institutions and our cybersecurity professional colleagues; we are here to do what we can to help – in crisis, in recovery and in normal times.
Many home workers will be using their home networks, which will have personal equipment attached, including IoT devices, and this extends the threat to businesses. It is therefore important to remind everyone of the key requirements for IoT security.
Here is a concise set of the top 3 essential guidance measures to protect businesses, employees and consumers – right now, and into the future.
Protect yourself and those around you.
- Passwords; make them strong and unique. Do not use the same password or easy-to-guess passwords on any connected devices or mobile apps, and don’t forget your home router or wireless access points! Home routers and internet-connected cameras are currently the most popular, but not the only, targets. If you do not already do so, consider using a password manager to create a strong password that you do not have to remember.
- Updates; check that your device software and related mobile apps are up to date, as this will often fix security flaws.
- Settings; make yourself familiar with the device’s security settings and check online for advice; sometimes changing settings can make a big difference to your privacy and security.
Protect your customers and your brand. But don’t let perfect be the enemy of the good: some simple vendor and product checks can be highly effective.
- Is the product consumer-ready? Users get annoyed if the product is not easy to set up or is not well supported. Is it pre-configured to work out of the box? Does it have simple security guidance for the configurable settings?
- Staying safe; is the product manufacturer committed to supporting security updates for a reasonable period of use beyond the point of sale?
- Can the manufacturer be easily contacted to notify of security flaws? Check the vendor has a vulnerability disclosure policy and check it is used.
Manufacturers and ODMs:
Build good security features and practices into your products.
- Do you follow best practice guidelines when designing your products? Now would be a wise time to check out the ETSI and UK Department of Culture Media and Sport’s 13 vulnerability controls. For help with this, there is an IoTSF guidance paper: Compliance-Framework and ETSI-TS-103-645 13 white paper. Manufacturers should also be aware of the emerging draft harmonised ETSI standard for Consumer IoT security, EN 303 645.
- Fix vulnerabilities; create a vulnerability disclosure contact and publish it on your website. Make it easy for bugs to be reported to you.
- Provide security updates; ensure they last for a minimum stated period beyond the production life of your product.
We recognise that employers are also facing challenges at this time in helping their staff work securely from home. There is good information available on best practice for those new to remote working. The UK’s National Cyber Security Centre (NCSC) has issued guidance for home working as a response to Covid-19 for organisations trying to manage the cyber security challenges.
As we emerge from this crisis, we will find ourselves in a different world: with even faster digital transformation as more people choose remote working, as 5G takes off, as edge computing gains ground.
The habits we develop now will provide a secure foundation for the digital world of the future.
IoTSF remains committed to the long-term security of IoT. We have a growing inventory of assets designed to make it safe to connect and to remain cybersafe.
It does not have to be expensive to improve IoT security. IoTSF has free guides and checklists that are simple to understand and easy to use. They can be found on IoTSF’s best practice guides webpage and include:
- Secure Design Best Practice Guides
- IoT Security Compliance Framework
- Vulnerability Disclosure Best Practice Guide
- Regulation Ready Reports
- & more.