Internet of Things (IoT) 17 April 2018

Best Practices: Enterprise IoT Security Checklist

The Internet of Things (IoT) has found its way into all aspects of our lives. In particular, consumer IoT devices such as smart TVs, thermostats, smart speakers, fitness trackers and other devices are now used regularly in enterprises, either purchased by staff or brought in by employees.

This IoT insurgence represents a unique challenge since many of these devices are deployed without IT’s knowledge or not accounted for as a normal part of IT security planning, yet they have characteristics that can create serious vulnerabilities. While some IoT products are designed with strong security, many have a simple or non-existent user interface, default (or hardcoded) passwords, open hardware and software ports, limited local password protection, lack the ability to be updated, “phone home” frequently, collect more data than expected and use insecure backend services.

The consequences of using these devices range from unauthorized access to other enterprise systems, to surveillance via audio, video and data, to use of those devices to attack other connected devices or services. To help enterprise IT staff address these issues, the Internet Society’s Online Trust Alliance created this best practices checklist (ordered chronologically from installation through end of life) for use of consumer-grade IoT in enterprises.

Underpinning this list are several core concepts.

Enterprises should:

  • Be proactive and fully consider the possible risks introduced by these devices
  • Understand that IoT devices are likely more vulnerable than traditional IT devices
  • Educate users on IoT device risks
  • Strike a balance between controlling IoT devices vs creating “shadow IoT”

Related Resources

Building Trust 31 August 2020

Policy Toolkit on IoT Security and Privacy

The Policy Toolkit on IoT Security and Privacy is a practical resource for policymakers and regulators to strengthen the...

Building Trust 1 November 2019

Security Factsheet: Keeping Your Workplace Safe Online

For many of us the Internet is a staple in our day-to-day lives – especially at our jobs. But...

Internet of Things (IoT) 19 September 2019

Policy Brief: IoT Privacy for Policymakers

Introduction The Internet of Things, or IoT, is the latest wave of integration of technology into our lives and...