Here at RSA Small and Medium Businesses (SMBs) are squarely faced with the daunting task of securing the explosion of IoT devices, now ever-present in the business environment. In the past, IoT in a business setting could largely be ignored, but that’s no longer the case. The typical small business now processes credit cards on commodity hardware, not purpose-built security hardware, for example, and that’s a problem.

As the IoT devices ever-present in the consumer space ooze into to SMBs, so too do their security problems. Your employees bringing in their devices from home are now potentially bringing vulnerabilities to work with them.

To combat that, as one vendor here opines, the security life cycle now becomes an issue SMBs must grapple with. With potential vulnerabilities in a host of ad hoc devices popping up within the walls of your business (or outside the walls but with access to the same data), there’s no telling what devices may touch your data, but it won’t simply be the PCs of yesterday. From one-off Linux implementations in DVR gear to the latest Android-based doo-dad, the new security surface is everywhere and on multiple platforms.

The problem is that many or most small businesses have no idea what a security life cycle is, let alone how to implement one or even design it in the first place. From discovery, to onboarding, securing, optimizing and managing devices, it’s a daunting task. Here are a few things businesses can do to get better at it without breaking the bank.

  1. Multi-factor authentication: Whether using hardware tokens or credential management software, this is cheap and you can do it. USB security devices, for example, are less than $50 and are very good these days. Same with software that provides similar functionality, it doesn’t cost that much and will harden your organization significantly. And the software these days is far easier to understand – you won’t need a postgraduate degree in cryptography to push a few buttons to make it work.
  2. Network intelligence: The swarm of IoT devices largely connects back to your small business router, so if one of them goes rogue, network traffic anomalies are a good place to start looking for badness. And while you could theoretically hack together some “Frankenbox” with hardened Linux on it, you don’t need to. Various vendors here have small boxes you plug into your wireless router and they will tell you what’s up. Whether they’re cloud-connected to assess the latest threats or not, these devices will give you a heads-up when something suspicious comes along unsuspected, and provide a welcome view into the [network] behavior of your IoT devices.
  3. Backup: It sort of goes without saying until you’re hit with ransomware or suspect insider malicious activity, but simple, effective backups reign supreme here. Some software suites even give you the ability to replay file deletion, copy or exfiltration for some extended period of time, in case one of your employees or contractors steals the digital crown jewels. Again, you don’t need some vast enterprise-level offering (though there’s a lot of them here too!), you can start simple and grow over time if you need to. The main thing is having something. You’ll be glad you did . . . especially if you get hit with ransomware later!

Whether you’re new to the small business environment, or a seasoned pro, there are definitely some takeaways here at RSA, and these three will go an awfully long way toward keeping SMB folks safe without killing the budget.