Search Results

IoT Blog | August, 2017

Phil Skipper Phil Skipper
Head of Business Development, Vodafone IoT


Strengthening the weak link in IoT security: people

Security guru Bruce Schneier once said, “only amateurs attack systems, professionals target people”.1 All the firewalls and encryption in the world mean nothing if an attacker can get an employee to let slip their user credentials.

Depending on who you ask, insiders are the cause of about half of data loss events.2 That’s a sobering statistic. But what are you going to do about it? Naturally, you’d be right to look at the risks posed by your own teams. But you should also be asking tough questions of the providers you work with.

At Vodafone, we’re well aware that humans are potentially the weakest link in the security chain — and we act in all kinds of ways to protect our IoT operations and the customer data we carry.

It starts at recruitment. In our IoT division, as in all other parts of Vodafone, we conduct background checks on any new employee. Then, from day one, every member of staff gets regular training and education in security best practice, covering everything from how to look after their passwords, to how to spot a phishing email.

But we know that even the best-intentioned people aren’t perfect. We’ve put processes and restrictions in place to minimise the risk of a small mistake turning into a big problem. For instance, employee laptops are fully encrypted and protected by anti-virus and anti-malware. And our systems require two-factor authentication at login.

Perhaps most importantly, we limit what any individual can access on a strict “need to know” basis. Any access to sensitive data or systems — such as our IoT platform, network management tools, or customer records — is monitored and logged. And of course, physical access to our IoT systems is restricted behind the key-card locks, cameras and guards in our ISO-certified data centres.

You should never trust any security measure until you’ve tested it. That’s why we conduct regular in-depth audits of all aspects of our security processes, both internally and using independent third-party assessors.

No provider can claim to be perfect. Our aim is to make the hacker’s job as difficult as possible by strengthening our people and processes, as well as our systems.

To find out more about our work to secure the IoT, read our IoT Security White Paper


main_icn_24_7_support24-delivery 360-view4gmain_icn_Accessoriesmain_icn_Appsapple market_icn_Batterybroadband-devicecalendarmarket_icn_Minutesmain_icn_Cameramain_icn_Chatmain_icn_Chevron_downmain_icn_Chevron_leftmain_icn_Chevron_rightmain_icn_Chevron_upmain_icn_Tick_simpleClose_thick_0.1main_icn_Closecommunity-thin main_icn_Community_or_Foundationdashboard-hidashboard-thin main_icn_Dashboardmarket_icn_Data_Sharingmarket_icn_Dealsmain_icn_Deletemain_icn_Deliverymain_icn_Dislikemain_icn_Downloadmain_icn_Editerror-circlefacebook-thin main_icn_Social_Facebookmain_icn_Filtermain_icn_Filtergogoogle-plus-thin social-google-plushelp-hi_1helpmain_icn_Likemarket_icn_LinkedInlocation-hilocation-regular location-thin main_icn_Locationmail-newmarket_icn_Screen_sizemain_icn_Menumarket_icn_SMSmobile-broadbandmain_icn_Mobilemain_icn_My_Vodafonenetwork-signal-hinetwork-thin main_icn_Network_signalmain_icn_Pausemain_icn_PAYGsocial-paypalmain_icn_Photospin_alertpin_manpin_warningplay-circle main_icn_Play_circlemain_icn_Play_arrowmain_icn_Add_or_Plus0_rating5_ratingrating-filled ratingmain_icn_Ratingsrefresh main_icn_Bill_or_Reportmain_icn_Reportsmain_icn_Roamingmain_icn_Searchmain_icn_Securityshareshoppingmarket_icn_SIM_Swapmain_icn_Social_Twitterspeech-bubble main_icn_Studenttail [Converted]technology test_app main_icn_Texttick-bordered tick-simple main_icn_Tick_simplemain_icn_Top_upmain_icn_TVtwitter-thin main_icn_Social_Twitterusersmain_icn_Viewedmarket_icn_Vodafone_storeWarning_0.1warningweightwindow market_icn_Multinationalyoutube-thin social-youtube