AssuredPartners London

IoT: How To Ensure Digital Security

The Internet of Things (IoT) is a powerful business tool that opens new doors for connectivity, data and efficiency. However, as the IoT grows and becomes more common, the risks also increase. Within this scenario, a wide variety of devices can be connected around the world. Gartner [1] estimates that the number of connected devices increased by 31% in 2017 compared to 2016. This is expected to reach 20.4 billion devices by 2020. All devices connected to the IoT share information, but the type of information transmitted may be different and not all of them have the same security measures; some devices are built to be more secure than others.

 

Before adding any device to a company network, the IT department must be aware of the cybersecurity risks and the measures necessary to ensure that the devices do not compromise its security. All companies should have a database, or list of current devices, their locations, the type of data they generate, what they control and the networks they use to communicate. This can include anything from sensors, manufacturing equipment devices and tablets used by employees; even self-driving cars. Keeping an up-to-date inventory of connected devices is critical to building a strong business security system, as well as ensuring that everything is protected.

 

Since almost everyone in a business is likely to work with IoT devices to some extent, employees at all levels in an organisation should be made aware of the risks and what to do if their device is hacked or attacked. As with all cybersecurity initiatives, IoT protections should be developed by multifunctional teams that include IT and digital security professionals, business unit managers, and C-Level executives. In addition to device and network protections, IoT security plans should include an incident response plan and other relevant information, such as legal and regulatory requirements that can be applied.

 

A security plan should consider the worst-case scenario and start with the basics, such as setting up effective passwords, which is one of the best ways to prevent cyber-attacks. There should be guidelines for IoT devices ensuring that the "user" and "password" defaults are changed from their default settings as this is usually the first thing a hacker will look for when trying to break into a network.

 

All devices should be up-to-date with the latest software alongside using encryption - even for files stored in the network database. IT departments should monitor the external traffic of these devices to see if anything strange is happening and make sure the devices have SSL (Secure Sockets Layer) certificates produced in the manufacturing process; this is to certify device identity and facilitate the authentication process.

 

Employees should know what to do if they believe an attack is imminent and regular training should be scheduled so that they can practice detection and rapid shutdown.

 

Our digital landscape is rife with phishing, all kinds of malware including ransomware, brute force botnets perpetrating massive DDoS attacks and plenty more nasty hacks and potential attack vectors.

 

Cybercriminals are only getting more sophisticated and no business will ever be completely immune to cyber threats but being prepared and informed can be extremely helpful in preventing and mitigating potential attacks. You can take advantage of the many features of IoT without sacrificing the digital security of your business.



Cyber insurance protects companies against these risks resulting from unauthorised use of or access to electronic data and software within a client’s business. The damages and costs (both first and third party) for dealing with cyber-attacks are continually growing and are costing companies billions every year.

 

What do our policies cover?

 

  • Privacy and Regulatory Breaches - the fines and penalties incurred by regulatory action alleging the failure to comply with state or federal laws to protect against identity theft.
  • Network Interruption and Recovery - the recognition and resolution of unauthorised access or the failure to protect against identity theft.
  • Data Notification Costs - the costs incurred when rectifying the lost or stolen data.
  • Technological Services - breaches of duty, error and omission of technical services.
  • Crisis Management and Public Relations Expenses - the costs to mitigate damage to the company’s reputation.
  • Multimedia and Intellectual Property Liability - risks associated with advertising and intellectual property.
  • Network Extortion Coverage - costs incurred when a company’s data is threatened.
  • Social Engineering Fraud - covers a company’s monetary loss when a misrepresentation of fact or an intentional, malicious, wilful or fraudulent act is undertaken by a third party that misleads an employee.
  • Electronic Theft - covers the transfer, alteration, corruption, disclosure, duplication and theft of intangible assets.
  • Reputational Damage - helps cover the cost of net income loss if a cyber breach should occur.

 

Cyber insurance coverage is your personal and professional failsafe for if and when a breach or cyber attack occurs and you are left with a mountain of costs to restore your business, deal with customer’s lawsuits, or reclaim your digital and financial identity.

 

For further information please contact: