Amid IoT security issues, companies should adopt a cybersecurity plan that includes keeping passwords strong, raising employees’ awareness and constantly updating systems.
The migration of devices, IP cameras and access control included, to the internet has brought convenience. But at the same time, it has also introduced new risks, especially cybersecurity issues. “The irony is that, while you may be adding more cameras to protect your premises, if they are not maintained and safeguarded against cyberattacks, they could be adding to your risk of having your network compromised,” said a recent blog post by Axis Communications.
As such, developing a cybersecurity plan has become, and should be, a priority for end user organizations. “Not managing internal access to a system can leave it open to being compromised. It is important that you consider both internal and external threats when developing your cybersecurity plan,” the post said.
That said, Axis mentioned the following points to consider when trying to keep the network secure.
According to the post, passwords are also known as “keys.” “You wouldn’t use the same key for your front door and everything else, from your car to your safety deposit box. Similarly, you wouldn’t make a copy of that key for every acquaintance you meet. That’s the same attitude you need to have when it comes to passwords,” it said. “You may have employees accessing parts of the system they are not authorized to view, because a colleague or a superior shared their password with them. This creates a potentially risky situation, so the solution is to put clear password policies and processes in place and make sure everyone in the company complies with them.”
While updating a system can be inconvenient and even daunting, not doing so may render the system even more vulnerable. “The older a system is, the more likely it is that any vulnerabilities have been found by cybercriminals. Therefore, these systems have a higher chance of being exploited,” the post said. “The solution is to update your system regularly, because most weaknesses are found by the manufacturers, who run vulnerability scans and penetration tests in order to locate them. Updates and patches fix vulnerabilities and keep you safe.”
Too many devices
The more devices there are attached to the network, the riskier it becomes, as a single vulnerability is enough to compromise all the rest. “If you have control over your devices, you can apply the same safety standard and procedures to all of them. However, when your employees are working remotely or with their personal smartphone, tablet or computer, it gets way more difficult to spot weaknesses,” the post said. “Again, the solution is to put in place policies for the whole company, for example a rule that allows the employees to access the system with a personal device, but only if it has certain security criteria.”
According to the post, phishing emails are still one of the most successful methods of obtaining illegal access to a system. “Some phishing attempts can be quite obvious, but others are more difficult to recognize, especially if the attacker has used social engineering techniques to study your company and better impersonate the part,” it said. “That’s why it is crucial to train your employees, every single one of them, on cybersecurity best practices. Teach them to look for and spot the signals of a possible phishing email, but also give them an email address to which they can forward suspicious messages, so they can be screened if in doubt. Never underestimate human error.”
Source: William Pao, a&s International