As businesses and civilians adopt the cloud and the Internet of Things (IoT) seamlessly extends to our smart devices, cyber villains are finding ways to become an even more constant threat to everyday life. Cybersecurity pioneer Robert Herjavec weighs in on the cross section of security and the IoT.

When it comes to the Internet of Things, why is security such a hot topic?

Robert Herjavec: IoT is everywhere; it’s all encompassing. We expect interactivity everywhere we go, in all aspects of our lives. From a corporate perspective, it’s about driving efficiency and insight. Large corporations are becoming increasingly dependent on computers and technology to drive their success. That means that these technologies become the gatekeepers of intellectual property and critical corporate information. Cybersecurity is becoming increasingly important to protect that information.

How does that cybersecurity respond to threats at the IoT’s new access points?

IoT connects everything, even commonplace devices like our doorbells and refrigerators. These appliances are wired to the internet and are exposing the general population to the same types of attacks that large enterprises have to deal with on a regular basis.

The difference is, a consumer doesn’t have the same resources that an enterprise does to protect itself. With more of everything—more endpoints, more connectivity, more hacks, more risk—large organizations are outsourcing their security to third-party providers who have the resources and scale to monitor their environments 24/7/365. Our industry is shifting from a defensive strategy to a proactive security approach. We’re seeing investments in SIEM, endpoint, big data analytics and threat hunting.

The industry is getting more sophisticated, but so are the attackers. IoT is changing the game in terms of what is connected and is blurring the lines between personal and corporate devices. As an industry, we have to be prepared to protect our customers, and strive to minimize the impact of an attack. Our industry recognizes that security is not purely a technology issue. We have to offer enterprises information on who is behind an attack and provide tailored guidance in terms of how they should respond and what they can do to contain the incident. In order to support this level of proactivity, we’re seeing more integration across technology providers, and greater collaboration between the service provider and the enterprise.

What can readers do in order to avoid becoming the victim of one of these attacks?

They sound simple, but the most common rules of thumb in security truly do apply and should be followed: avoid open wireless networks; never complete any financial transactions in public Wi-Fi zones; build complex passwords—try using phrases as opposed to word or number combinations—and do not repeat the same password for multiple logins.

What are some best practices for choosing a security provider for a company?

Most enterprises choose to engage a security provider due to resource, skill or timing challenges. When selecting a partner it’s important that the enterprise and service provider truly view the relationship that way, as a partnership. This has to be a high-touch, collaborative effort, in order to ensure that a proactive model is built that best suits the enterprise’s security needs.

It's important that the organization and provider understand the scope of the task and the timing requirements for the project or onboarding. In the case of a managed services partnership, it’s important that an asset list exists to indicate the scope of what’s being monitored or managed. Also key: that there are clear definitions in terms of notable events or incidents that will be monitored and actioned; defined ownership of process and an aligned escalation path are created; an agreed-to operational readiness checklist exists so all parties are on the same page from the get-go; and the provider offers support 24/7/365.

Security isn’t a 9-5 job and most organizations outsource their security practices in order to ensure around-the-clock monitoring and management of their environments.