IoT devices are becoming increasingly common – but how secure are they?

IoT devices are becoming increasingly common

The security industry is undergoing a digital revolution. Everywhere, connected devices are appearing – from smart locks and cameras to sensors that monitor temperature, air quality, and movement patterns. The Internet of Things, or IoT as it is commonly abbreviated, has become a central part of modern security solutions. However, as more devices become connected, vulnerability also increases. How secure are these systems really, and what do you need to consider?

What is IoT?

IoT is an abbreviation of Internet of Things. It refers to a collective term for physical devices that are connected to the internet and can communicate with each other and with central systems. Rather than being standalone products that operate in isolation, IoT devices can exchange data, receive instructions, and be updated remotely.

How does IoT work in practice?

An IoT device typically consists of three parts:

Sensors and actuators

Sensors collect data from the surrounding environment. This can include temperature, light, motion, sound, or position. Actuators perform physical actions based on instructions, such as locking a door or switching on a light.

Connectivity

IoT devices need a way to communicate. This can be via Wi-Fi, Bluetooth, mobile networks (4G/5G), LoRaWAN, or other wireless technologies. The choice of connection depends on how much data needs to be transmitted and how far the signal must reach.

Data and the cloud

Data from devices is sent to a central location, often cloud services, where it is analysed and stored. From here, you can also control your devices via apps or web interfaces.

IoT in the security industry

IoT in the security industry

In security contexts, connected devices are used to:

  • Monitor buildings and facilities using smart sensors
  • Control access systems and digital locks
  • Collect data from fire detectors and water alarms
  • Connect cameras with AI-based analytics
  • Automate alarms and notifications
  • Integrate different security systems into a unified platform

Common types of IoT devices in security

Connected devices have become an important part of modern security solutions. Here are the most common types.

Smart locks and access control systems

Digital locking systems that can be controlled via mobile devices or integrated with other systems are one of the most widely used applications. They can log all entries and exits, grant temporary access rights to visitors, and integrate with fire alarm systems for automatic evacuation.

The advantage is flexibility. The disadvantage is that a smart lock that is hacked can grant unauthorised access to an entire building. The security of the communication between the lock and the server is therefore critical.

Connected cameras

IP cameras transmit video over a network. Modern cameras often include built-in AI that can identify people, vehicles, or unusual behaviour and send alerts directly to your mobile phone.

Many camera systems store video in the cloud, which provides flexibility but also places demands on bandwidth and data security. A compromised camera can be used for surveillance or as an entry point into other systems on the network.

IoT sensors for environmental monitoring

Sensors monitor temperature, humidity, air quality, water leakage, and smoke. In larger buildings and industrial facilities, they are used for predictive maintenance and early warning of issues.

A sensor can detect a water leak before it causes major damage, or warn if the temperature in a cold storage room becomes too high. These sensors are often battery-powered and communicate via low-power networks such as LoRaWAN or Zigbee.

Motion and presence detectors

Smart motion sensors can distinguish between people, animals, and vehicles. They are used to automatically turn on lighting, activate cameras, or trigger alarms. In modern buildings, they can also manage energy consumption by adjusting heating and ventilation based on occupancy.

Fire detectors and security alarms

Connected fire detectors can send alerts directly to emergency services and property owners, even if no one is on site. They can also be integrated with ventilation systems to prevent the spread of smoke, and with access control systems to automatically open evacuation routes.

Gateways and hubs

A gateway is a device that connects IoT devices to the internet and to each other. It acts as a hub in an IoT network and translates between different protocols. In security systems, the gateway may also include local storage to retain data if the internet connection goes down.

How do IoT devices communicate?

Connected devices use different types of networks depending on the use case.

Wi-Fi

Wi-Fi is the most common connection for connected devices in homes and offices. The advantages are high speed and easy installation. The disadvantages are higher power consumption and limited range.

Usage: Cameras, smart locks, displays, and devices that need to transfer large amounts of data.

Bluetooth and BLE

Bluetooth Low Energy (BLE) is used for devices that are close to the user or a gateway. The technology is energy-efficient and works well for sensors and smart locks controlled via mobile devices.

Usage: Smart locks, presence sensors, beacons for positioning.

Mobile networks (4G/5G)

For devices that need to operate over large areas or where Wi-Fi is not available, mobile networks are used. 5G provides low latency and high capacity, which is important for real-time applications such as video surveillance.

Usage: Cameras on construction sites, vehicle tracking, sensors in remote locations.

LoRaWAN

LoRaWAN is a low-power, long-range network, ideal for sensors that send small amounts of data infrequently. A sensor can operate for several years on a single battery and reach distances of several kilometres.

Usage: Water leak sensors, temperature monitoring, parking sensors.

Zigbee and Z-Wave

These protocols are used for smart home and building automation. They create mesh networks where devices act as repeaters for one another, providing good coverage.

Usage: Smart home systems, lighting control, smaller security systems.

Security risks with IoT devices

Security risks with IoT devices

Connected devices offer many opportunities, but they also come with significant security risks.

Weak default passwords

Many devices are shipped with default passwords such as “admin” or “12345”. If the user does not change the password, attackers can easily take control. There have been cases where thousands of cameras were hacked simultaneously because they all used the same default credentials.

Protection: Always change default passwords immediately during installation. Use strong, unique passwords for each device.

Lack of updates

Many manufacturers are poor at providing security updates for their connected devices. Some devices never receive any updates at all, meaning known vulnerabilities remain open for years.

Protection: Choose suppliers with a proven track record of regular updates. Check whether automatic updates are available and enable them.

Insecure communication

If data is transmitted unencrypted over the network, attackers can intercept sensitive information. This may include video streams from cameras, access codes from locks, or logs showing when a building is unoccupied.

Protection: Ensure that all communication is encrypted. Verify that devices use TLS/SSL or equivalent security protocols.

Physical access

Many connected devices are installed in easily accessible locations. If someone gains physical access, they may connect their own device, extract data, or tamper with the hardware.

Protection: Install devices in hard-to-reach locations. Use tamper protection that alerts you if the device is opened or interfered with.

DDoS attacks

Connected devices are often used in botnets for DDoS (Distributed Denial of Service) attacks. Hackers take control of thousands of insecure devices and use them to overload websites or services.

Protection: Keep devices updated and isolate them from the rest of the network. Use firewalls and network segmentation.

Weak authentication

Some devices have poor or non-existent authentication mechanisms. It may be possible to access a device without proving your identity, or to manipulate sensor signals.

Protection: Use devices with two-factor authentication where possible. Ensure that devices verify the identity of both sender and receiver.

Privacy breaches

Connected devices collect large amounts of data. Cameras capture everything that happens, sensors record movement patterns, and locks log when people enter and leave. If this data falls into the wrong hands, it can be used for surveillance or identity theft.

Protection: Minimise data collection. Store only what is necessary and delete it after the agreed period. Follow GDPR and inform users about what data is being collected.

GDPR and IoT devices

In Europe, all solutions that handle personal data must comply with GDPR (General Data Protection Regulation). This is particularly relevant for security systems, as they often record sensitive information.

What counts as personal data?

  • Video recordings where individuals are visible
  • Logs of when someone has passed through an access control system
  • Movement patterns collected by sensors
  • Biometric data from fingerprint readers
  • Location data from GPS devices

What does GDPR require?

Legal basis

You must have a valid reason for collecting data. For security systems, this is typically “legitimate interest”, but you must be able to justify the need.

Information

Individuals must be informed that they are being monitored and why. This is usually done through clear signage.

Data minimisation

Only collect the data that is truly necessary. Cameras should not record more than required, and logs should not be stored longer than justified.

Secure storage

Data must be protected against unauthorised access. Stored video recordings and logs should be encrypted.

Right to erasure

Individuals have the right to have their data deleted when it is no longer needed.

Data processing agreements

If a supplier processes your data (for example, cloud storage providers), you must have a data processing agreement that defines responsibilities.

Penalties

In the event of violations, the Swedish Authority for Privacy Protection (IMY) can impose fines of up to 4% of a company’s global annual turnover or €20 million, whichever is higher.

How to secure your IoT devices

Here are concrete measures to improve security in IoT solutions.

Before installation

Choose the right supplier

Investigate the supplier’s security track record. How quickly do they respond to security issues? Do they have certifications such as ISO 27001? Is long-term support offered?

Plan the network architecture

Separate connected devices from other networks. Create a dedicated VLAN or wireless network for IoT only. This limits the damage if a device is compromised.

Document all devices

Keep an inventory of all connected devices. What are the model numbers? What firmware version is installed? When were they deployed? This makes maintenance and security audits easier.

During installation

Change default passwords

The first action should always be to change default passwords. Use a password manager to generate and store strong passwords.

Update firmware

Check for available updates and install them. Enable automatic updates if possible.

Restrict functionality

Disable features you do not need. Many devices have UPnP enabled by default, which can be a security risk. Disable it if it is not required.

Configure encryption

Ensure that all communication is encrypted. Check settings for TLS/SSL and certificate management.

Ongoing operations

Regular updates

Schedule regular checks for available updates. Establish routines to quickly apply security patches.

Monitor the network

Use tools that detect abnormal traffic. If a sensor suddenly sends large amounts of data, it may indicate a breach.

Review logs

Regularly check logs from connected devices. Look for failed login attempts or connections from unknown IP addresses.

Test security

Conduct penetration tests and vulnerability assessments annually. Use external experts for independent reviews.

Have an incident response plan

What will you do if a device is hacked? Establish clear procedures for isolating compromised devices, restoring systems, and informing affected parties.

IoT solutions for different needs

The Internet of Things is used in many different ways within the security industry.

Small businesses and offices

For smaller organisations, it is often about combining a few devices for basic security:

  • Smart locks at entrances
  • 2–4 IP cameras
  • Motion sensors in key areas
  • Smoke detectors connected to alarms

Cloud-based solutions work well here because they are easy to install and require minimal IT expertise. Costs are predictable through monthly fees.

Residential buildings

In apartment buildings, connected devices are used for both security and services:

  • Digital access control systems for entrances and shared spaces
  • Water leak sensors in laundry rooms and basements
  • Smoke detectors with central monitoring
  • Parcel lockers with automatic notifications
  • Energy monitoring for cost control

Here, hybrid solutions are often required, where some data is stored locally to ensure operation during outages, while management takes place in the cloud.

Large enterprises and industry

In large facilities, IoT networks become more complex:

  • Hundreds of sensors for environmental monitoring
  • Integrated security systems with access control, cameras, and alarms
  • Predictive analytics for preventive maintenance
  • Zoning with different levels of access rights
  • Integration with existing IT systems

Edge computing is often used here, where data is processed locally before being sent to the cloud. This reduces latency and bandwidth usage.

Public sector

Municipalities and government agencies use connected solutions for:

  • Smart lighting to save energy
  • Monitoring of public spaces
  • Air quality and noise sensors
  • Waste management with fill-level monitoring
  • Parking solutions

Here, transparency is particularly important. Citizens must be informed about surveillance, and data must be handled in accordance with public access principles.

Edge computing and IoT

Edge computing means that data is processed close to its source instead of being sent to the cloud. This provides several advantages for security systems using connected devices.

Benefits of edge computing

Lower latency

When a camera detects an intrusion, an alert can be triggered immediately without data first being sent to the cloud and back. This can make the difference between seconds and minutes.

Reduced bandwidth usage

Instead of sending all raw video, only relevant events are transmitted. A camera can analyse video locally and only send clips when something happens.

Increased privacy

Sensitive data can be processed locally without leaving the building. Facial recognition can take place within the camera itself, with only metadata being transmitted.

Improved reliability

If the internet connection goes down, the system continues to operate locally. Data is buffered and synchronised once the connection is restored.

Challenges of edge computing

Edge devices must be powerful enough to run advanced algorithms. This increases costs compared to simple sensors. Security also becomes more critical, as more intelligence is embedded within the device itself.

The future of IoT in security

Development is moving quickly, and several trends are shaping future solutions.

AI and machine learning

Connected sensors will become smarter. A camera will learn what is normal and only react to anomalies. An access control system will detect suspicious patterns and trigger automatic alerts.

Machine learning can also be used to optimise energy consumption, predict maintenance needs, and automate routine tasks.

5G and network development

5G provides much higher speeds and lower latency than 4G. This enables real-time applications that were previously not practical. A security guard can receive high-quality live video from all cameras simultaneously on a mobile device.

Private 5G networks allow organisations to build their own secure networks for connected devices without sharing bandwidth with others.

Quantum-resistant encryption

As quantum computers become a reality, today’s encryption risks becoming obsolete. The industry is preparing by developing quantum-resistant encryption, which will be implemented in future connected devices.

Decentralised systems

Blockchain and other decentralised technologies can be used to secure IoT networks. Each transaction (for example, a door access event) is recorded in an immutable chain that cannot be tampered with.

Standardisation and interoperability

Initiatives such as Matter and Thread aim to ensure that devices from different manufacturers can communicate seamlessly. This makes it easier to build flexible systems and switch suppliers without starting from scratch.

Environment and sustainability

Future sensors will become more energy-efficient. Energy harvesting technology will allow sensors to power themselves using light, vibration, or temperature differences, eliminating the need for batteries.

How to choose the right IoT solution

Here is a guide for selecting systems that fit your needs.

Define your requirements

Start by mapping out what you want to achieve. Is it security, energy efficiency, convenience, or a combination? Which areas need to be covered? How many devices are required? What integration requirements exist?

Evaluate suppliers

Security first

How does the supplier handle security updates? Do they have certifications? What encryption methods are used? How often have they experienced security incidents?

Scope of support

Is local support available in your language? How quickly can you get help when issues arise? Is documentation and training material provided?

Scalability

Can the system grow with your needs? Can more devices be added later? Are open APIs available for integration?

Total cost of ownership

Calculate both initial investment and ongoing costs. Include licences, support, maintenance, and potential future upgrades.

Test before full deployment

Run a pilot with a small number of devices before investing in a full-scale system. Test it in a real environment over several months. Evaluate usability, reliability, and support quality.

Plan for the lifecycle

Connected devices have a limited lifespan. Expect hardware to need replacement after 5–10 years. Have a plan for handling decommissioned devices, both from a security and environmental perspective.

Security and the future go hand in hand

The Internet of Things has transformed the security industry. Connected devices now allow us to monitor and protect buildings in ways that were not possible just a few years ago. From smart locks and cameras to sensors that predict issues before they occur, the technology offers significant opportunities.

However, these opportunities come with risks. Connected devices can be vulnerable to cyberattacks, especially if they are not configured and maintained properly. Weak passwords, lack of updates, and insecure communication are common issues that can give attackers access to sensitive systems.

Key takeaways

The Internet of Things refers to connected devices that communicate with each other. In security, this includes smart locks, cameras, sensors, and alarms. Security must be prioritised from the outset, not added afterwards.

GDPR sets requirements for how personal data from connected devices is handled. Choose suppliers with a proven security track record and long-term support. Separate IoT devices from other networks to limit risk. Keep devices updated and continuously monitor the network.

Technology is evolving rapidly

AI and machine learning will make sensors smarter. 5G enables high-quality real-time applications. Standardisation makes it easier to integrate devices from different manufacturers. Edge computing reduces latency and improves privacy.

For those considering IoT implementation, the message is clear: security first. Do not cut corners on security features, choose reliable suppliers, and invest in the right expertise. With the right conditions, connected devices can improve both security and operational efficiency. But without proper security measures, they can become the weak link that attackers exploit.

The Internet of Things is here to stay, and in the security industry connected devices will only become more common. By understanding both the opportunities and the risks, you can make informed decisions that deliver long-term value without compromising security.