Welcome back to the second installment in our series on IoT security risks. In part 1, we discussed the security vulnerabilities associated with embedded devices that are connected to the Internet of Things (IoT).
Today, we will explore the cyber risks that your organization may face and address some proactive steps that you can put into place.
With the expansion of technology into the Internet of Things, mobile access to your network, and an ever-growing list of users, devices, and apps sharing your enterprise network, your cyber risks will continue to increase.
Cyber-attacks can hit you in the form of a virus or worm injected into your enterprise or IoT network.
You can experience a data breach that compromises:
- sensitive information, like patient records
- intellectual property
- and customer data.
You can suffer the pain of insider attacks, either from sabotage or human error.
Do you have a cyber risk management plan to prevent or mitigate cyber attacks?
Hackers invest all of their time in finding ways to get the information and results they want. You need to be equally as vigilant in blocking them.
Cyber risk management addresses every area that could be vulnerable to an attack. The plan focuses on identifying those risks, preventing the attack, and reacting efficiently and effectively when a hit happens.
Step One: Prioritize your risk areas.
Start preparing your cyber risk management plan by uncovering your risk areas. Examine your network—what you store, where you keep it (e.g., cloud, data center), who accesses it (employees, supply chain), and how (mobile, authentication). Where would you be hit hardest as the result of a cyber attack? What would be the cost of having your data compromised—e.g., malware, breach, or distributed denial of service (DDoS). We’ve learned from experience that a breach of customer data can cause long-term effects, resulting from the negative impact on your brand and the cost of losing customers.
Step Two: Evaluate your technology.
Mobile technology, the Internet of Things, BYOD, and the cloud each present their own sets of risks. Aging devices and outdated software and operating systems pose a security risk because the support in terms of security patches may no longer be offered. Assess the technology and the security protocols in place so you can determine where you need to make changes to minimize cyber risk.
Step Three: Assess your processes.
You should have “acceptable use” policies for anyone accessing your network, in any way. These policies clearly dictate the guidelines for using any enterprise technology—devices and apps—and what is permitted on your network. Your password policy should be included. Data back-up and recovery processes should be reviewed and adjusted as well.
How are third parties allowed to enter your network? How do you enable guests, customers, and vendors, while also restricting their access? The answers to these questions might uncover more concerns that should be addressed in your cyber risk management plan.
Step Four: Build on what you’ve learned.
Now that you have a detailed assessment of your current cyber risk situation (threats and vulnerabilities), build a plan that answers the question, “What if…?” Create a strategy that will close the gaps you’ve uncovered and provide direction on preventing and managing a cyber-attack. How will you handle the critical communication? Who will be in charge of securing the network? Define the people involved in cyber risk management and their roles. Provide the process for incident reporting, securing the physical as well as virtual property.
Once you have your cyber risk management in place, educate your employees as to their role in reducing risk.
Train them in the steps to avoid security breaches, such as password management, file sharing, and downloading.
Teach them to be aware of and to report suspicious activity.
Emergency preparedness is critical to minimizing risk to cyber-attacks as well as the outcome of those incidents.
Questions?
Call 800-830-9523 or Email info@L-Tron.com