Donate
‹ Back
Internet of Things (IoT) 17 April 2018

Best Practices: Enterprise IoT Security Checklist

The Internet of Things (IoT) has found its way into all aspects of our lives. In particular, consumer IoT devices such as smart TVs, thermostats, smart speakers, fitness trackers and other devices are now used regularly in enterprises, either purchased by staff or brought in by employees.

This IoT insurgence represents a unique challenge since many of these devices are deployed without IT’s knowledge or not accounted for as a normal part of IT security planning, yet they have characteristics that can create serious vulnerabilities. While some IoT products are designed with strong security, many have a simple or non-existent user interface, default (or hardcoded) passwords, open hardware and software ports, limited local password protection, lack the ability to be updated, “phone home” frequently, collect more data than expected and use insecure backend services.

The consequences of using these devices range from unauthorized access to other enterprise systems, to surveillance via audio, video and data, to use of those devices to attack other connected devices or services. To help enterprise IT staff address these issues, the Internet Society’s Online Trust Alliance created this best practices checklist (ordered chronologically from installation through end of life) for use of consumer-grade IoT in enterprises.

Underpinning this list are several core concepts.

Enterprises should:

  • Be proactive and fully consider the possible risks introduced by these devices
  • Understand that IoT devices are likely more vulnerable than traditional IT devices
  • Educate users on IoT device risks
  • Strike a balance between controlling IoT devices vs creating “shadow IoT”
‹ Back

Related articles

The Internet Society Survey on Policy Issues in Asia-Pacific 2018
Internet of Things (IoT)15 November 2018

The Internet Society Survey on Policy Issues in Asia-Pacific 2018

This year’s survey focuses on the security and privacy of the Internet of Things (IoT)—the rapidly expanding network of devices, physical objects, services and applications that communicate over the Internet.

IoT Trust by Design
Resource22 May 2018

IoT Trust by Design

IoT Trust Framework identifies the core requirements manufacturers, service providers, distributors/purchasers and policymakers need to understand, assess and embrace for effective security and privacy as part of the Internet of Things.

Internet of Things (IoT) Trust Framework v2.5
Internet of Things (IoT)22 May 2018

Internet of Things (IoT) Trust Framework v2.5

The IoT Trust Framework® includes a set of strategic principles necessary to help secure IoT devices and their data when shipped and throughout their entire life-cycle.

Join the conversation with Internet Society members around the world