Don’t Let Passwords Stink Up Your IoT Cyber Risk Management

September 28th, 2021

There’s no denying it: Internet of Things cybersecurity is a growing area of concern. As the world becomes more connected through the implementation of IoT devices, the cyber risk associated with this increase in attack surfaces is also growing. In fact, new guidance from the National Institute of Standards and Technology (NIST) outlines how manufacturers can identify the non-technical capabilities required to support IoT security solutions in an effort to mitigate this risk. As more organizations pursue digital transformation and implement IoT infrastructure, it is crucial to identify and manage the associated IoT threats.

Configuring and deploying connected devices in a secure fashion includes solid password hygiene. The impact of compromised credentials can reach far beyond the loss of access to an account, as they can provide an entrance into a network of connected devices. For example, having default passwords for one account might enable access to all of the cameras on company computers. If one connected device is compromised, the threat can spread throughout an organization’s digital ecosystem and put the entire company at risk.

Recycle paper, not passwords

Unfortunately, the number one reason for a breach is human error, and an alarming number of breaches are due to poor password hygiene. We use many different programs at work, and it can be tempting to reuse the same password for some or all accounts. This (unsafe) practice is known as “password recycling,” and it can open up various risks. If one account is hacked, attackers essentially have a master key into any other account that uses the same password. Using unique passwords and 2FA for each account is the best way to avoid this chain reaction.

Beyond password hygiene, effective cyber risk management requires understanding the risks of your systems, employee behavior, and processes for handling risk. Thorough assessments and testing provide a holistic way to identify gaps in your organization and prioritize what can be done to improve. While there is no way to ever be 100% secure, putting a risk management system in place helps you understand which assets need to be secured and the steps to be taken to increase security over time - particularly if this plan includes IoT security concerns. Without a cyber risk management plan that includes regular assessment and testing of all internet-connected devices, you may be putting your organization’s network – and your extended supply chain network – at risk.

Deploy multiple layers of defense

The Defendify all-in-one cybersecurity platform features multiple layers of defense, simplified program management, risk scoring, alerts, notifications, reports, recommendations, and a full suite of easy-to-use cybersecurity tools - including a stolen password scanner to find compromised passwords and prevent account takeovers. 

Try the Free Stolen Password Scan to see if your email or passwords are found on the Dark Web, and reach out to learn more about how Defendify can help you protect your organization. 

More IoT Resources

Blog: Before Implementing IoT, Assess and Test Cybersecurity

Blog: Conquering IoT Cybersecurity Challenges Through Visibility and Awareness
