What is This Whole IoT Thing? – Part 2
In our last blog, we defined IoT and explored its history. Now, let’s delve into the pros and cons of using IoT, along with some key risks and concerns to consider when evaluating or implementing IoT in your business.
While IoT offers incredible capabilities, it also raises important questions and concerns, particularly around security. Let’s break this down into two main components:
- Network Security: IoT devices typically connect to the Internet via Bluetooth and WiFi. If these devices share the same network as your secure business data, they can pose significant risks due to their minimal security controls. This was the root cause of the Target hack several years ago, where compromised HVAC monitoring tools provided hackers access to Target’s network.
- Data Security: Ideally, IoT providers would ensure robust security, but rapid development often leads to overlooked vulnerabilities. Data security can be compromised in two main ways: through the breach of data collected by IoT devices, or through hackers sending fake control messages to these devices. For example, a hacker once changed the temperature setting on my thermostat.
Managing network security can be straightforward: create a segmented “guest” wireless network that separates untrusted devices (IoT, visitors, personal cell phones) from trusted devices and critical data.
At a cybersecurity summit I attended, a keynote speaker emphasized that it’s impossible to fully secure IoT devices, so they must be treated as untrusted and insecure. Many IoT devices prioritize functionality over security, and as functionality increases, security often decreases. Therefore, we must treat these devices as insecure from a network security perspective.
Data security is more complex, especially when storing data in the cloud on third-party servers. If you’re collecting non-critical data, you might not be concerned about potential breaches. However, for critical devices, such as medical or business-critical systems, understanding the cloud provider’s security measures and limitations is crucial. Their liability is often limited by contract, so additional cybersecurity insurance might be necessary. Consulting a competent IT professional can help you evaluate these risks and benefits.
For broader IoT deployments, consider creating an isolated network for both IoT devices and the servers that collect and process their data. This deeper isolation offers more control but may increase costs. Again, an IT professional can help you weigh the technological and business pros and cons.
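The guest-network separation and the isolated IoT network described above can be checked against a device inventory and observed traffic. The following is an added example, not part of the original blog; the subnets, segment names, device names and the default-deny flow policy are all constructed assumptions.

```python
import ipaddress
# Constructed plan: subnet -> segment. All addresses and names are assumptions.
SEGMENTS = {
    "10.0.10.0/24": "trusted",      # business workstations, critical data
    "10.0.20.0/24": "guest",        # IoT, visitors, personal cell phones
    "10.0.30.0/24": "iot-backend",  # isolated servers that collect IoT data
}
# Segments each device category may live in.
ALLOWED_SEGMENTS = {"workstation": {"trusted"}, "iot": {"guest"},
                    "visitor": {"guest"}, "iot-collector": {"iot-backend"}}
# Cross-segment traffic is denied unless the (source, destination) pair is listed.
ALLOWED_FLOWS = {("guest", "iot-backend")}

def segment_of(ip):
    """Return the segment containing ip, or 'unknown' if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for cidr, name in SEGMENTS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "unknown"

def misplaced_devices(inventory):
    """Devices whose address sits in a segment their category is not allowed in."""
    return [(name, cat, segment_of(ip)) for name, ip, cat in inventory
            if segment_of(ip) not in ALLOWED_SEGMENTS.get(cat, set())]

def forbidden_flows(flows):
    """Observed (src, dst) pairs that cross a segment boundary without an allow rule."""
    hits = []
    for src, dst in flows:
        s, d = segment_of(src), segment_of(dst)
        if s != d and (s, d) not in ALLOWED_FLOWS:
            hits.append((src, dst, s, d))
    return hits

# Constructed sample inventory (name, ip, category) and observed flows (src, dst).
INVENTORY = [
    ("front-desk-pc", "10.0.10.15", "workstation"),
    ("hvac-monitor", "10.0.10.77", "iot"),  # IoT device on the trusted network
    ("thermostat", "10.0.20.31", "iot"),
    ("sensor-collector", "10.0.30.5", "iot-collector"),
]
FLOWS = [("10.0.20.31", "10.0.30.5"),    # thermostat -> collector: allowed
         ("10.0.20.31", "10.0.10.15"),   # thermostat -> workstation: flagged
         ("10.0.10.15", "10.0.10.20")]   # inside trusted: not a crossing

if __name__ == "__main__":
    print(misplaced_devices(INVENTORY))
    print(forbidden_flows(FLOWS))
```

A finding from either function means the segmentation plan and the real network disagree, which is worth resolving before relying on the guest network as a boundary.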
As the saying goes, “With great power comes great responsibility.” The IoT world is full of potential, but it requires careful evaluation of risks and informed decision-making. I hope this blog has provided valuable insights.
If you need further assistance, please contact us. We’re here to help you navigate the complexities of IoT and other IT challenges.