13 ways companies should improve their data security in the age of IoT
As our world gets more and more connected, consumers and businesses alike must think fast about how they protect important information.
In particular, there’s a burden on businesses that work in and around the Internet of Things (IoT) to ensure that they’re serving their customers’ best interests by taking every measure to protect sensitive information.
To learn more about how to adapt security measures considering the complexity of today’s technologies, I asked a group of entrepreneurs from YEC the following question: How should companies ramp up their data security as the Internet of Things grows?
Have backups in place
As security hazards evolve, so must security measures. I don’t think it’s just about protection; it’s about having backups to restore your info in case your systems need to be rebooted. That’s something you need to invest in. – Alfredo Atanacio, Uassist.ME
Plan and protect for a security breach
With the growth of the IoT, chances of a security breach continue to rise. Sure, you would like to keep this from happening to your company, but the goal is to limit the damage in the event this does happen. You can do this by keeping a backup in case of a breach, installing endpoint protection software, and keeping your system up to date with security fixes. If you have any questions, consult an expert. – Russell Kommer, eSoftware Associates Inc
Consult an expert
Traditional industries that haven’t had to think about security are now being tasked with this endeavor. There are lots of little tweaks and hacks that can be done to bolster protection, but unless someone is looking at a company from a holistic point of view, it’s bound to have vulnerabilities. I feel the only safe way to protect a company as the stakes get higher is to work with an outsourced firm that specializes in security, or bring someone in-house. – Mark Krassner, Expectful
Add a web application firewall and real-time backups
At the current state of internet security, I think every business should add a Web Application Firewall (WAF) for their websites. I’m talking about services like CloudFlare and Sucuri which help protect you against DDoS attacks, XSS vulnerabilities, and other vectors of attacks. You should also keep real-time backups of your website, customer data and everything else. This is the best fall-back plan and allows you to recover from any data loss during the attack. – Syed Balkhi, OptinMonster
Remain secure, vigilant and resilient
These three principles should be first and foremost for companies as they think about cybersecurity. These principles focus on prevention and taking control of the many layers of data produced by a company. Being vigilant is a matter of continual monitoring to make sure systems are still secure. Being resilient includes being able to quickly address and recover from threats. Allocating budget and creating awareness of the potential risks and threats will help create a culture of security, whereby management at all levels is aware of the potential risks and has a program to test and execute security. Employing hackers to find the potential dangers should be considered as a proactive way to address security before breaches happen. – Marcela De Vivo, Brilliance
Have a two-step verification process
Having a two-step verification process adds another layer of protection for data, which is essential when there are so many devices now being connected together with the same username and password. Longer passwords are also part of this extra security measure, making it more difficult to compromise the system. – Peter Daisyme, Due
The IoT will lead to the omnipresence of smart, connected devices. It’s impractical to determine the trustworthiness of every single device that data might pass through or be stored on, even those within firewalled networks. The solution is to ensure that all data, both at rest and in transit, is encrypted. Trust will move from the level of the network to the device or individual. Only people with the authentication credentials or a pre-verified device will have access to data that is encrypted unless it’s being actively used. We’re already seeing something of how this will work with Google’s BeyondCorp initiative, which dispenses with the idea of a secure network perimeter to an internal trusted network. Access depends only on the device and the user authentication. – Vik Patel, Future Hosting
Reduce the amount of digitized confidential information
A not-so-common approach to data security is to actually limit the amount of confidential data you store online to what is absolutely necessary. Make hard copies and delete unnecessarily risky files. – Andrew Namminga, Andesign
Safely store your data in the cloud with strict permission levels
More and more companies are storing their data in the cloud. However, if you wish to store information virtually, you must consider the added risk that your information may be accessible to others, potentially including people who you do not wish to have access. We highly recommend putting strict permission levels in place so only certain individuals who really need to see those files or folders have access to them. Having a cloud server also restricts staff from saving their files on their personal computer. At our agency, the cloud servers are a remote drive on their computers so all files get stored and saved in the cloud. – Shalyn Dever, Chatter Buzz
Have users change passwords no less than every 90 days
Most data breaches come from people using very easy-to-guess passwords. There are a number of strategies you can deploy to require users to take extra steps, including basic things like requiring the use of capital letters, numbers and symbols (or combinations thereof), but what I’ve found to be even more secure is requiring users to change their password no less than every 90 days. This helps to protect from internal intruders, as well as workplace breaches, and maximizes global data security across your business. – Obinna Ekezie, Wakanow.com
Use a mobile device management-like approach
We can replicate the MDM approach for IoT so that we can manage and monitor the devices that are connected to the IoT network. Companies can inject the data encryptions from the remote locations and change them whenever needed. Devices can also be profiled or removed from access. We can also manage the apps that run on IoT devices. The MDM infrastructure already exists and just needs some modification for IoT. – Piyush Jain, SIMpalm
There are many ways to ensure protection of data with the growth of IoT. First and foremost, stay educated on the latest security practices. By knowing the latest security trends, you can be proactive and keep your company secure. Also, make sure to limit who is authorized to access the data and set secure passwords that change frequently. If you detect any shortcomings in your security, act quickly. – Patrick Barnhill, Specialist ID, Inc.
The only way to make sure something is consistently secure is to test it all the time. It isn’t unusual for deeply data-sensitive organizations to hire an experienced, respectable hacker to test their security structure. Vulnerability scanning and evaluations are equally important inside and outside your security system. If you can find a way to get illegitimate access to your data, the outside world can as well. – Anthony Pezzotti, Knowzo.com