IoT Security – What Do Companies Need To Do?

By: Megan Davis

30, October, 2019


Blockchain - Connectivity - Cybersecurity - Data - Enterprise - IIoT - Industry - IoT - Machine Learning - Networking - security - Telecoms -


The Internet of Things (IoT) is probably the 21st century’s most unique technological model that has potential to do unbelievable things. This superb network of interconnected devices is helping people to live efficiently and gain complete control over their lives. Not just the ordinary people, but enterprises too are relishing the benefits of IoT.

IoT helps businesses gain real-time insight into their operations and report them on how their internal systems are actually functioning, including the performance of machines to supply chain and logistics. IoT has potential to open up opportunities for creation of new products and services, which earlier were not possible. IoT-based technologies assist organisations to automate their processes, helping in disaster management, reducing labour costs, improving service delivery, bringing transparency into customer transactions, etc. It is actually helping every industry that we know of.

Despite multiple advantages, security and privacy concerns prevent many companies from adopting IoT-based technologies and those using them are unsure of the steps that need to be taken to solve the problem. Such businesses can follow five steps given below to solve their doubts about IoT security.

  1. Data encryption

Building a secured wall averts trespassers from accessing sensitive data.

Organisations must use firewalls to encrypt data to protect IoT web applications, wireless protocols with built-in encryption and secure sockets layer (SSL) networking protocol for online tools. According to Payment Card Industry Data Security Standard (PCI DSS) and the updated Markets in Financial Instruments Directive (MiFID II), encrypting digital data that transmits over the internet provides foolproof protection against unwanted intruders.

IoT devices operating on their own network provide maximum security, allowing monitoring and blocking of incoming traffic. Creating a private network for IoT is very important, especially in those companies that allow its employees to connect their consumer grade devices to the workplace which are not usually designed with corporate security in mind.

  • Isolating IoT devices

Isolating IoT deployment from the main network puts an organisation in a safe position, because it reduces the chances for a hacker to launch broader cyber-attacks on mission-critical systems.

Companies should consider the following architecture models IoT implementations:

Device to device: The device to device model allows two or more devices to directly connect and communicate with one another, instead of an intermediary application server. Protocols like ZigBee, Bluetooth, or Z-Wave are used to establish direct device to device communications.

Device to cloud: In this model, the IoT devices in an enterprise network are connected directly to the cloud wherein data is transferred. Companies can use proprietary data protocols between the device and the cloud service, which allows them to join a particular cloud service that prevents the use of alternative service providers.

Device to gateway: An IoT gateway device connects IoT devices, sensors, equipment, systems and the cloud, which provides local processing and storage solutions, along with the ability to autonomously control field devices based on data input by sensors.

Implementing a multi-layered approach to protect connections and devices is one of the best IoT security practices that a company can adopt.

  • Multi-layered password

Securing devices with passwords is the most basic level of safety an organisation can observe. Despite knowing this, many businesses have a cavalier approach towards implementing a strong password. It is surprising to know that many businesses still use weaker passwords that can easily be hacked or share a common password across the company that could easily be misused.

Applying a multifactor authentication is always safe.

In 2018, a global survey by password management firm LastPass revealed that only 45 per cent of businesses use multifactor authentication [1]. The percentage in fact should be on a higher side to keep the IoT devices secured. Companies should focus on this part and try to use strong and complex passwords for their IoT devices. Moreover, they should allow access to IoT devices on a need-to-know basis.

  • Securing hardware and software

IoT security must be exercised both at hardware and software levels.

In terms of hardware, companies should store their IoT devices in secured spots or simply locking them so that only a limited number of authorised employees have access to them.

When it comes to software, it is very important to upgrade IoT devices after a certain period because new firmware updates that patch old vulnerabilities in a system help prevent unnecessary cyber-attacks. Automating this process will make the work easier.

  • Mobile device monitoring

Investing in mobile device monitoring is an efficient way of enhancing cyber-security in workplaces. In today’s connected world where IoT is in the lead, it becomes imperative for companies to identify the risks and challenges to make sure that all internet devices are secured.

A study involving 950 global IT and business decision makers conducted by Gemalto revealed that ‘only’ 48 per cent of businesses can detect if any of their IoT devices suffers a breach [2]. The software firm said companies are urging governments to interfere, with 79 per cent demanding more strong guidelines on IoT security and 59 per cent seeking clarification on who is responsible for protecting IoT. Though many governments have already passed or announced the introduction of regulations concerning IoT security, majority of businesses (95 per cent) believe in having uniform regulations ready.

The government of UK is one of the countries that has developed and published a Code Practice for manufacturers’ consumer IoT devices in October 2018. In May 2019, the government announced that it is working on the issue of securing IoT devices to make sure they are well-protected from cyber-attacks. And this can be achieved by introducing measures requiring basic cyber security features that are built into internet-connected devices.

Some 23 per cent respondents also believe that blockchain is a perfect option for securing IoT devices and 91 per cent of the companies are planning to adopt the technology in the future.

If you would like to learn more about IoT Security, why not attend our IoT Tech Expo at the Santa Clara Convention Center this November! More information about the track here: