In this article appearing in TheAccidentalSuccessfulCIO.com, Dr. Jim Anderson tells us why the CIO should be aware of the downsides associated with devices connected to the Internet.
Issues with the Internet of Things (IOT)
Connected devices, while providing certain advantages, also present the CIO with security challenges. This is because these connected devices can be infected with malware. That aside, the CIO cannot accurately determine how secure a device can be at the time of purchase. That said, some companies are currently working on creating standards and certifications for connected devices. However, these standards and certifications won’t be available for some time yet, and most of them don’t have a deadline set as well – therefore, till such time, the CIOs are on their own.
How CIOs Can Stay Secure with IOT
CIOs must take the time and make the effort to carry out some research on the manufacturer of the device. For this, they can read online/offline product manuals and customer reviews to determine how a device is as regards security and privacy.
Most attacks on connected devices occur on account of the attacker knowing the device’s default username and password. To prevent this, the CIO must pre-determine if he/she can change the default username and password on prospective devices. The new password should not be the one used for other devices attached to the corporate network.
Further, the CIO must also determine what data the device connected to the Internet is going to be collecting, and where it is sending this data. The CIO must also find answers to the following questions:
- If they don’t like what data the device is collecting, can they change it?
- Where is the data stored, and for how long?
- Will the data be shared or sold to anyone?
- Is it possible to wipe all the data?
What All This Means for the CIO
CIOs need to be aware of what devices they allow to be directly connected to the internet. As such, only devices that can benefit from such a connection should be granted access. In addition, the CIO must check the device, and must be clear as to what they are getting into before connecting the device to the Internet.
Click on the following link to view the original article in full: http://theaccidentalsuccessfulcio.com/security-2/cios-need-understand-risk-internet-connected-devices