Donate
‹ Back
Internet of Things (IoT) 17 April 2018

Best Practices: Enterprise IoT Security Checklist

The Internet of Things (IoT) has found its way into all aspects of our lives. In particular, consumer IoT devices such as smart TVs, thermostats, smart speakers, fitness trackers and other devices are now used regularly in enterprises, either purchased by staff or brought in by employees.

This IoT insurgence represents a unique challenge since many of these devices are deployed without IT’s knowledge or not accounted for as a normal part of IT security planning, yet they have characteristics that can create serious vulnerabilities. While some IoT products are designed with strong security, many have a simple or non-existent user interface, default (or hardcoded) passwords, open hardware and software ports, limited local password protection, lack the ability to be updated, “phone home” frequently, collect more data than expected and use insecure backend services.

The consequences of using these devices range from unauthorized access to other enterprise systems, to surveillance via audio, video and data, to use of those devices to attack other connected devices or services. To help enterprise IT staff address these issues, the Internet Society’s Online Trust Alliance created this best practices checklist (ordered chronologically from installation through end of life) for use of consumer-grade IoT in enterprises.

Underpinning this list are several core concepts.

Enterprises should:

  • Be proactive and fully consider the possible risks introduced by these devices
  • Understand that IoT devices are likely more vulnerable than traditional IT devices
  • Educate users on IoT device risks
  • Strike a balance between controlling IoT devices vs creating “shadow IoT”
‹ Back

Related articles

The Internet Society Survey on Policy Issues in Asia-Pacific 2018
Internet of Things (IoT)15 November 2018

The Internet Society Survey on Policy Issues in Asia-Pacific 2018

This year’s survey focuses on the security and privacy of the Internet of Things (IoT)—the rapidly expanding network of devices, physical objects, services and applications that communicate over the Internet.

Internet of Things
Internet of Things (IoT)1 October 2017

Internet of Things

Vision - An IoT ecosystem built on trust and innovation by prioritizing safety, privacy, and security The  Internet of Things (IoT)...

The Trust Opportunity: Exploring Consumer Attitudes to the Internet of Things
Building Trust1 May 2019

The Trust Opportunity: Exploring Consumer Attitudes to the Internet of Things

This new research from Consumers International and the Internet Society explored consumer perceptions and attitudes towards trust, security and the...

Join the conversation with Internet Society members around the world