Capterra Field Service Management Blog

How software can help field service technicians offer top-notch support

4 Hacks Your Service Business Needs for Internet of Things Security

Share This Article

Is there any idea that isn’t a double-edged sword? For every good idea, there are roughly 9,387 ways to use that idea for bad purposes.

Case in point: The first Ford Model Ts were offered to the public in 1908. It took humanity centuries to figure out how to mass produce something as useful as the automobile. It only took John Dillinger 25 years to figure out how to use it to rob banks.

The internet of things (IoT) is no different.

Having internet-connected devices can be useful. For example, an asset connected to the IoT can tell your field service management software program it’s going to break before it even happens.

On the other hand, internet-connected devices could also be used for destructive ends, such as the instance when IoT-connected coffee machines and DVRs were used in a massive hack last October.

Don’t settle for a double-edged sword—use our four IoT security tips below, and turn your IoT strategy into a technological samurai sword: strong and single-edged.

internet of things security

1. Use an IoT security pattern to identify vulnerabilities

It’s tempting to want to jump right into using the IoT, given how much it can do for your business. But that’s not the best idea. Every connected device you add is another way into your network for a hacker. Jumping in without considering security is like adding doors and windows to a building without adding locks.

Gartner analyst, Earl Perkins recommends using an IoT implementation design pattern to determine potential areas of risk. What’s an IoT design pattern? It’s a map of all the devices, sensors and computers you need to get your IoT plan working. (Full report available to Gartner clients.)

More generally, a design patterns are, according to Michael Koster, “reusable solutions to common problems.”

Koster offers a pithy example: “Three different design patterns to handle traffic flow at a road intersection are stop signs, traffic lights, and roundabouts.”

In the same way those design patterns keep an intersection secure, an IoT design pattern can make your networks secure.

Think of your IoT security pattern as a map of the devices you’re using, and how you’re using them to get what you want.
  • The first step in designing your map is to figure out whether your IoT design type is centralized, distributed, or hybrid
  • The next step after this is to design a security pattern that matches your design type

There’s no one template you can use to design these patterns, as IoT deployments differ widely. However, Gartner’s research on setting up a security pattern is a good place to start. (Full content available to clients.)

Gartner recommends looking at IT security architecture principles, or operational technology (OT) principles. The same security best practices in those fields should also apply to IoT security.

2. Know where all your endpoints are

A security guard monitoring a building needs to know where all the doors and windows are. After all, if you don’t know where someone might sneak in, you can’t be fully protected.

Endpoints are to a hacker what backdoors and windows are to a thief. They’re anything connected to the IoT, whether it’s handheld devices, sensors, or desktop computers.

Continuing the security guard metaphor, you should patrol an area the way they do, too. This could mean walking the floor to see where your assets are, but it can also take a more technologically advanced shape.

A computerized maintenance management software solution with digital asset tracking, such as Bigfoot or Nexgen, gives you an overall view of your assets, as well as how secure they are, and how well they’re performing. Since the software is already connected to your assets, it will give you a head start on monitoring your endpoints.

3. Prioritize data security needs with proper encryption

When it comes to securing the data you send over the IoT, you should turn to the most up-to-date encryption protocols, as Conner Forrest suggests on ZD Net.

Secure sockets layer, or SSL encryption is one of the most common ways of securing information, though some industry experts suggest taking a different approach.

Robert Metzler of KORE Telematics notes that, when passing information between devices, SSL can be costly. Instead, he suggests “creating a site-to-site VPN tunnel from the M2M [machine to machine] operator” to the server.

Manuel Grenacher, CEO of Coresystems, emphasizes the importance of securing your data—especially personal data. Grenacher says the extent of how secure you need to be comes down to what kind of data is being sent back and forth. “If it comes to data about persons, then it’s highly critical, because of privacy issues, like location and such. If you only have sensor data, it’s less critical.”

4. Leverage the benefits of two-step authentication

Authentication—i.e., making sure the IoT knows it’s you sending data, and not some hacker—can be the difference between stolen intellectual property and a secure network.

Grenacher prefers a two-step authentication approach: “Two-way authentication works out; people usually don’t forget the second piece of information, along with their email.”

If you have a Gmail account, and you’ve ever been asked to provide your phone number, you’ve seen a two-step authentication in action.

In two-step authentication, a second step (that phone number) is added to the standard, one-step authentication of entering your password.

Grenacher does, however, caution people about the kind of information they’ll be sending:

“Again, your approach depends on what data you manage, but two-way authentication is a good way, and a cheap way, of how SMBs [small and midsize businesses] could solve IoT security issues.”

Your experiences with service IoT security?

Has your field service business secured your IoT successfully? Or have you bounced back from a security breach? If so, let me know in the comments below!

If you’re looking for more information about the internet of things, check out one of these Capterra posts:

Looking for Field Service Management software? Check out Capterra's list of the best Field Service Management software solutions.

Share This Article

About the Author

Geoff Hoppe

Geoff Hoppe writes about business intelligence and field service management for Capterra. His background is in education and higher ed, but he’s interested these days in how small businesses can use software to be more agile and efficient. When he’s not reading and writing about software, he’s probably reading and writing about history, music and comic books, finding new hikes throughout Virginia, or following the Fighting Irish.

Comments

[…] 4 Hacks Your Service Business Needs for Internet of Things Security […]

Comment on this article:


Your privacy is important to us. Check out our Privacy Policy.