Internet of Things: how to use smart devices safely

A printer that orders itself an ink cartridge before it runs out. Or a security camera that you control with an app on your smartphone. These are examples of smart devices with an internet connection. Together, they form the Internet of Things (IoT), or the Internet of Things.

These Internet-connected devices are very handy in your business. But there are security risks. For example, do you use the default password set on your IoT device? Then cybercriminals can easily access your corporate network via that device. Find out how to use IoT devices safely.

What is IoT?

The Internet of Things is a network of smart devices connected to each other. Usually via the internet. Such a smart device has sensors, software and an internet connection. Well-known examples are a smartphone and a smart TV. But nowadays, many more devices have an internet connection. Think of alarm systems, printers and robot hoovers.

Advantages

IoT devices can often be controlled remotely, read remotely and managed remotely. Think of a coffee machine that alerts you via your smartphone that there is a malfunction. It is also possible to link IoT devices together via the internet so that they can exchange data. Such as a smart thermostat and a boiler.

IoT devices are not only convenient, they also save you time and money. For example, a smart thermostat ensures optimal heating. With an app on your smartphone, you control the thermostat. The smart device learns how much heat each workspace needs. This saves you on your energy costs.

Risks of IoT devices

An IoT device is always online. Then it is accessible to users and to other IoT devices. But also to cybercriminals. These search the internet for IoT devices and try to hack them. Smart devices are often poorly secured and thus a wanted target for hackers.

Poor security

Such a cyberattack (in Dutch) is more likely to succeed if the device has no security. Or still uses the vendor's default username and password.

Outdated software

A cyber attack is also more likely to succeed if there is outdated software on an IoT device. Cybercriminals exploit weaknesses in that software.

Misuse of a hacked IoT device

So when misused, an IoT device is a backdoor into your corporate network. Once inside, criminals steal your money or data. Or they install malware, such as ransomware.

Your hacked IoT device could also unwittingly be part of a botnet. Criminals use botnets to spread malware and phishing emails. But also for carrying out DDoS attacks or crypto jacking (in Dutch).

Privacy

An IoT device often collects, stores or transmits data. Think of a smart speaker from, say, Google, Amazon or Apple that you talk to. What happens to this information? Where does it go and who has access to this data?

A hacked IoT device poses additional privacy risk. Suppose a hacked security camera (in Dutch) sends all the footage to criminals. This way, they are monitoring everything in and around your business.

Safe use of IoT devices

These tips will help you use IoT devices as safely as possible:

• Consider carefully whether you really need an IoT device's internet connection. And, if so, whether that device needs to be online all the time or not. For example, a smart TV does not need to have an active internet connection day and night.
• Keep software up-to-date. Only use official updates from the vendor. Makers and sellers of digital devices must provide updates.
• Always change the default username and password. Apply the rules of a good password policy to your IoT devices as well. Is 2-factor verification (2FA) possible? If so, turn that on.
• Buy IoT devices only from trusted IoT vendors. These are often companies that have been around longer and have good reviews. Minimum security requirements for IoT devices (in Dutch) are expected to apply from mid-2024. Products that do not meet these will then be banned from the entire EU market.
• Ask the supplier how the IoT device handles your data. Be critical. Only buy a device whose supplier clearly states what data it collects and stores. If the device also sends the data, check to whom. And whether it does so via a secure connection.
• Create a separate network for your IoT devices. It may not be necessary at all that they are directly connected to your corporate network. This will prevent criminals from accessing your corporate network via a hacked IoT device. Ask your IT administrator or a network specialist how to set this up.
• Remove or replace outdated IoT devices that no longer receive updates from the vendor. Or disconnect them from the internet for good.