Why We Should All Be Paying Attention to the FBI’s Cybersecurity Recommendations for IoT

In a weekly tech advice column, the FBI provided a list of recommendations for people seeking to protect themselves against the inherent cybersecurity risks of the Internet of Things. This advice isn’t just valuable for consumers. Rather, it’s something that every business in every industry should follow.

It’s no secret by now that the Internet of Things (IoT) is a cybersecurity and privacy nightmare. That’s old news at this point. Anyone who’s been paying attention well understands the inherent risks, especially given the lax attitude displayed by consumers and businesses alike. 

We are connecting billions of devices to the Internet with little regard for whether or not they’re secure. We have scores of businesses with no experience in software security fumbling their way through onboard firmware. We have countless users who bring IoT devices online without bothering to change their credentials.

“Within a few years, everything will have some sort of sensor with it,” writes Craig Ford of security publication CSO Online. “IoT will quite literally be everywhere, and I don’t think we could stop it now even if we wanted to…This is not just about fridges or fish tanks anymore. These devices will infiltrate our entire lives, monitor our health and could have a dramatic effect if taken over by a malicious actor.”

Entire cities brought offline. DDoS attacks powerful enough to bring down the likes of Google and Amazon. Connected devices used as entryways to exfiltrate everything from financial details to medical data. 

These are all things that can easily happen in the near future. And this, perhaps, is why early last month, the FBI released a set of guidelines for securing IoT devices. While these guidelines were arguably written with consumers in mind, they should inarguably be applied to the workplace, as well.

They are as follows:

  • Keep systems that contain sensitive or private data on a completely different network from your IoT devices. 
  • Don’t use the factory settings for login credentials. Change the password and username immediately upon connecting a new device to your network. 
  • Make your IoT passwords as long as possible. Use a unique password on each device, using a password manager if necessary. 
  • Pay attention to the permissions requested by IoT-connected mobile apps. If an app requests a privilege that doesn’t seem necessary for the functionality of your devices, reject that request. 
  • Keep every device and system up to date, turning on automatic updates if they are available. 

The IoT represents what is arguably one of the greatest cybersecurity challenges in human history.  Even though it’s clear what we must do to overcome this challenge, most of us are still stuck on how we can do it. For your part, the best course of action is to ensure you’ve applied the necessary best practices to the IoT devices in both your personal and professional life.

Because as always, attackers will seek the path of least resistance. If your devices are password-protected, up to date, and air-gapped, you’re not an easy target. And that, in turn, means that you hopefully won’t end up being a target at all.