There has been plenty of buzz recently about the Internet of Things (IoT), which is defined as any device that can wirelessly connect to the Internet. This includes products like cell phones, Amazon Dash buttons (to order a product from Amazon before you run out), smart lightbulbs, watches, key trackers, and much more. The Internet of Things (IoT) is rapidly growing, and by 2020 it is projected to exceed 40 billion wireless devices.
IoT devices are popular because they’re easy to use — but they’re even easier to hack. Equipped with limited security features, IoT devices are an easy venue for hackers looking for a way in.
The exploitation of IoT devices
IoT devices can be hacked in minutes but can take weeks or months to recover. And that can have far-reaching consequences. For example, the recent Dyn DDoS attack used a botnet of 100,000 devices that created problems for millions of users, and the malicious malware Mirai scans for IP-cameras and DVRs using default factory passwords and credentials and then creates a botnet it can use to launch attacks.
However, perhaps the greatest IoT threat to business owners today is printer security. Almost all printers are connected to the internet but they don’t always get the same level of attention as computers or servers, creating an easy foothold for hackers trying to get into a network. Think about it this way, printers are basically simplified PCs that can print. They can’t encrypt or decrypt data, they have internet access, and they are often connected to email. This past March, a hacker called Weev hacked 29,000 printers and printed thousands of racist flyers, demonstrating how easy it is to exploit printers on an open network.
After a business is hit with malware or any other cyber-attack, the system is cleaned, and vulnerabilities are patched. Printers are often overlooked when PCs and laptops are patched, though, and then companies wonder why they get hit with the same type of attack again. Printers can hold a plethora of information, and with cloud-based access, printers can expose confidential information—including documents printed through them — to cyber criminals.
What this means for MSPs
As an MSP, you wear a lot of hats. Whether you take care of your customers’ printers or not, it’s important to talk to them about IoT security best practices, especially printer security because it’s one of the most widely used IoT devices in businesses today. While this conversation may not directly generate more revenue, bringing up the topic will help your customer view you as a knowledgeable source that they can trust.
If you don’t already know, start the conversation out by asking them what they’re currently doing about printer security, and then share these best practices to help mitigate attacks.
–Know which IoT devices are connected to the network. Visibility is essential to protecting your network. Use layered security to restrict which devices can connect to the network. A next-generation firewall can help you secure your network and enforce policies on devices.
– Upgrade your printer to a newer model. Older printers are more susceptible to attacks, so if your printer is more than five years old, it’s time to upgrade it. There are a variety new printers that have integrated security features, like automatic updates, storage encryption, BIOS protection, and more.
–Patch your print environment. If your printer doesn’t automatically update, check for updates often or make sure someone on your team does. Additionally, if you’re the victim of a cyber-attack, remember to remediate any lingering vulnerabilities on your printer.
–Change factory default password credentials. Changing default password credentials can make your devices more secure. While this is not a foolproof way to stop hackers from infiltrating your system, it can help reduce the likelihood of an attack.
While the IoT devices may seem vulnerable, this technology can certainly help make our lives easier. We just need to be a little smarter about how we handle it as the IoT continues to grow.Photo Credit: Tumitu Design via Flickr. Used under Creative Commons 2.0.