TECHNOLOGY

technologies such as firewalls and intrusion detection and prevention systems should be configured and enabled . End-to-end encryption technologies should also be utilised to ensure any data that is being transmitted is secure .”

TECHNOLOGY

PETER HEYWOOD ISG

“ There are a few steps businesses should take to ensure the security of the IoT devices they ’ re implementing . Firstly , they should look at limiting physical access to the devices , ensuring only authorised users can access these . Unauthorised physical access can lead to changing the device ’ s configuration with malicious intent or installing malicious firmware .

“ They should also change any default passwords and credentials from the manufacturer and enable multi-factor authentication if the device supports it . Wherever possible , it ’ s also important to disable any unneeded protocols , especially any that transmit unencrypted data ( Telnet , FTP ) as this can be trivially captured and manipulated . It ’ s also worthwhile disabling Universal Plug and Play Protocols ( UPnP ) which are usually enabled by default . These allow devices to modify your router , allowing access from outside the business network .

“ Finally , IoT devices should be isolated from existing production networks while

Challenges in IoT management Heywood believes better regulation is at the heart of the solution and pinpoints several areas he believes are ripe for an overhaul . If these changes don ’ t happen , the challenges will continue , he says . He cites four main elements , including ;

• Regulation . Data privacy ( for example under GDPR ) and workers ’ rights are major challenges for collecting data from individuals . These are already top of mind for Chief Regulation Officers and Chief Information Officers in all the big insurers , so adding another level of complexity of personal data makes it even more

insurtechdigital . com 111