Mike McGrath , Senior Lead Penetration Tester at Bridewell Consulting at Bridewell Consulting , lists five key areas that need to be addressed as insurtechs become increasingly connected . “ When you look at the applications where IoT devices are becoming widely used , there are serious implications if the devices implemented are not secure .” These are :

1 ) Limit physical access to devices , ensuring only authorised users can access these . Unauthorised physical access can lead to changing the device ’ s configuration with malicious intent or installing malicious firmware .

2 ) Manage passwords by changing defaults and credentials from the manufacturer , and enable multi-factor authentication .

3 ) Disable any unneeded protocols , especially any that transmit unencrypted data ( Telnet , FTP ). This can be trivially captured and manipulated . It ’ s also worthwhile .

4 ) Disable Universal Plug-and-Play Protocols ( UPnP ), which are usually enabled by default . These allow devices to modify your router , allowing access from outside the business network .

5 ) IoT devices should be isolated from existing production networks while technologies such as firewalls and intrusion detection and prevention systems are configured and enabled . End-to-end encryption technologies should also be utilised to ensure any data that is being transmitted is secure .