True North Networks Blog
What's Your Weakest Security Link?
Stephen Nardone, Director of the Security Practice at Connection, is a leader in the field of IT security risks, frameworks, assessment, strategy, and compliance. Stephen has been a CYTO/CSO for the Commonwealth of Massachusetts and has developed security strategies for multiple government and private sector organizations. With more than three decades in the field, Stephen understands that cyber threats and cyber attacks are part of today’s technology reality. It’s not a matter of if, but when the breach will happen. “Prepare for ‘the when,’” is one of his standard mantras.
Stephen recommends some very basic strategies that offer some protection from IoT cyber intruders:
- Connection assessment: The first line of defense is common sense. Consider what you’re connecting to your network and understand that, with IoT standards and protocols, security blind spots are inevitable. Only connect devices you need and only if secured end-to-end.
- Change passwords: Many plug-and-play IoT devices are set up with open, default, or no passwords. Set a password, and change it often. Remember, the Mirai attack targeted default passwords.
- Purchase known technology: Stay away from knock-offs, unknown names, and unproven devices.
- Install patches and update firmware: Many security issues are due to end users ignoring the latest patches and firmware updates. Cyber criminals target missing patches. Reputable companies are on the cutting edge of security and offer managed patching strategies to avoid cyber penetration.
- User awareness training: Training employees and learning of all the potential threats is the first course of action. The old saying “knowledge is power” goes a long way. Password and patch management, purchasing decisions, how things are connected to your network, and, of course, social engineering are key awareness training areas.
- Data protection: Ensure that all users know their role in the oversight of protecting critical data at rest, data in process, and data in motion. Take the time to identify and classify your sensitive data.