Internet of Things: how to use smart devices safely

These Internet-connected devices are very handy in your business. But there are security risks. For example, do you use the default password set on your IoT device? Then cybercriminals can easily access your corporate network via that device. Find out how to use IoT devices safely.

What is IoT?

The Internet of Things is a network of smart devices connected to each other via the internet. Such a smart device has sensors and software. Well-known examples are a smartphone and a smart TV. Even devices you might be less likely to expect it from have an internet connection. Think of alarm systems, printers, and robot hoovers.

Advantages

IoT devices can often be controlled, read, and managed remotely. Think of a coffee machine that alerts you via your smartphone that there is a malfunction. It is also possible to link IoT devices together via the internet so that they can exchange data. Such as a smart thermostat and a boiler.

IoT devices are not only convenient, they also save you time and money. For example, a smart thermostat ensures optimal heating. With an app on your smartphone, you control the thermostat. The smart device learns how much heat each workspace needs. This saves you on your energy costs.

Risks of IoT devices

An IoT device is always online. Then it is accessible to users and to other IoT devices. But also to cybercriminals. These search the internet for IoT devices and try to hack them.

Poor security

Smart devices are often poorly secured and thus a wanted target for hackers. Such a cyberattack is more likely to succeed.

Outdated software

IoT devices that do not receive regular software updates are especially vulnerable. Criminals hack these devices through weaknesses in the outdated software.

Misuse of a hacked IoT device

So when misused, an IoT device is a backdoor into your corporate network. Once inside, criminals steal your money or data. Or they install malware, such as ransomware.

Your hacked IoT device could also unwittingly be part of a botnet. Criminals use botnets to spread malware and phishing emails. But also for carrying out DDoS attacks or cryptojacking.

Privacy

An IoT device often collects, stores or transmits data. Think of a smart speaker from, say, Google, Amazon or Apple that you talk to. What happens to this information? Where does it go? Who has access to this data? ? If you do not know this, it might be a threat to your privacy.

A hacked IoT device poses additional privacy risk. Suppose a hacked security camera sends all the footage to criminals. This way, they are monitoring everything in and around your business.

Safe use of IoT devices

These tips will help you use IoT devices as safely as possible:

• Decide when and for how long the device should be online. For example, a smart TV does not need to have an active internet connection day and night.
• Keep software up-to-date. Only use official updates from the vendor. Makers and sellers of digital devices must provide updates.
• Always change the default username and password. Apply the rules of a good password policy to your IoT devices as well. Is 2-factor verification (2FA) possible? If so, turn that on.
• Buy IoT devices only from trusted IoT vendors. These are often companies that have been around longer and have good reviews. From 1 August 2025, rules will apply to the digital security of IoT devices. In the EU, unsafe products will then be banned from the market.
• Ask the supplier how the IoT device handles your data. Be critical. Only buy a device whose supplier clearly states what data it collects and stores. If the device also sends the data, check to whom. And whether it does so via a secure connection.
• Create a separate network for your IoT devices. It may not be necessary at all that they are directly connected to your corporate network. This will prevent criminals from accessing your corporate network via a hacked IoT device. Ask your IT administrator or a network specialist how to set this up.
• Remove or replace outdated IoT devices that no longer receive updates from the vendor. Or disconnect them from the internet for good.