Top 5 IoT networking security mistakes

Even though Brother International is a supplier of many  IT products, from machine tools to head-mounted displays to industrial sewing machines, it’s best known for printers. And in today’s world, those printers are no longer stand-alone devices, but components of the internet of things.

That’s why I was interested in this list from Robert Burnett, Brother’s director, B2B product & solution – basically, the company’s point man for large customer implementations. Not surprisingly, Burnett focuses on IoT security mistakes related to printers and also shares Brother’s recommendations for dealing with the top five.

#5: Not controlling access and authorization

“In the past,” Burnett says, “cost control was the driving force behind managing who can use a machine and when their jobs are released.” That’s still important, of course, but Burnett says security is quickly becoming the key reason to put management controls on print and scan devices. That’s true not just for large enterprises, he notes, but for businesses of all sizes.

#4: Failure to update firmware regularly

Let’s face it, most IT professionals stay plenty busy keeping servers and other network infrastructure devices up to date and ensuring their infrastructure is as secure and efficient as possible. “In this day-to-day process,” Burnett says, “devices like printers are very often overlooked.” But out-of-date firmware could expose the infrastructure to new threats.

#3: Inadequate device awareness

It’s critical, Burnett says, to properly understand who is using what, and the capabilities of all the connected devices in the fleet. Reviewing these devices using port scanning, protocol analysis and other detection techniques should be part of the overall security reviews of your network infrastructure. Too often, he warns, “the approach to print devices is ‘if it’s not broke, don’t fix it!’” But even devices that have been running reliably for years should be part of security reviews. That’s because older devices may not have the capability to offer stronger security settings or you may need to update their configuration to meet today’s greater security demands. This includes the monitoring/reporting capabilities of a device.

#2: Inadequate user training

“Training your team on best practices for managing documents within the workflow must be part of a strong security plan,” Burnett says. The fact is, no matter how hard you work to secure IoT devices, “the human factor is often the weakest link in securing important and sensitive information within a business. Items as simple as leaving important documents on the printer for anyone to see, or scanning documents to the wrong destination by accident, can have a huge, negative impact on a business not just financially, but also to its IP, reputation, and cause compliance/regulation issues.”

#1: Using default passwords

“Just because it’s easy doesn’t mean it’s not important!” Burnett says. Securing printer and multi-function devices from unauthorized admin access not only helps protect sensitive machine-configuration settings and report information, Burnett says, but also prevents access to personal information, such as user names that could be used in phishing attacks, for example.