Managing Risk in IoT: 4 Key Approaches
The rise in internet-connected devices brings terrific benefits to retailers: easier inventory management, increased data collection, targeted customer promotions and much more. But this same connectivity can leave retailers vulnerable to data breaches due to hackers and malware. When considering implementing IoT applications in a business setting, retailers need to manage risk with these 4 approaches.
1. Manage Remote Access
Most major data breaches happen through remote access. Thieves manage to hitch a ride into a retailer’s network using the access gained from a third party. That’s how the infamous Target breach of 2013 was accomplished: thieves used an HVAC vendor’s remote access to break into the network and steal 41 million customer payment card accounts.
Eliminating remote access isn’t the answer. Remote access is an essential tool for business productivity. As IoT continues to expand, remote access applications will only increase. Any business using remote access must take the necessary steps to segment their network to protect cardholder data and limit vendor access to only pertinent areas of the network. Securing remote access isn’t a place to take shortcuts.
2. Regulate Connectivity
Between IoT connectivity, remote vendor access, work from home employees and much more, a business might have countless devices accessing their network on any given day. And there’s no way to know what sorts of security standards these devices were (or weren’t) built with. Therefore, policing has to happen on the retailer’s end. It’s crucial to develop a company-wide security policy, providing for secure connections and delineating which devices are permitted to connect. In the largely unregulated world of IoT, anything less is an open invitation to thieves.
3. Maintain Compliance
Take it from the experts: the best thing a business can do to protect itself from risk is to follow established security protocols to the letter. PCI standards are complex, but they’re both effective in protecting payment data, and regularly updated to combat new threats. Europe’s rigorous GDPR standards protecting personal privacy will likely make their way to our shores over the coming several years as well. In the meantime, by following best practices such as minimizing storage of sensitive data, securing data in silos or other approved means, and transmitting data only through approved encryption methods, businesses can minimize opportunities for breaches.
4. Watch and Wait
Over time we can expect the wildly unregulated world of IoT to be brought in line. As manufacturers pay more attention to the security they’re programming into their IoT devices (and as they’re penalized for failure to do so) we’ll see more uniformity and control in the ways devices connect and in the services they can perform. Until then, businesses need to exercise extreme caution in protecting themselves and their customers from IoT related breaches.