Of the millions of enterprise-IoT transactions examined in a recent study, the vast majority were sent without benefit of encryption, leaving the data vulnerable to theft and tampering.\nThe research by cloud-based security provider Zscaler found that about 91.5 percent of transactions by internet of things devices took place over plaintext, while 8.5 percent were encrypted with SSL. That means if attackers could intercept the unencrypted traffic, they\u2019d be able to read it and possibly alter it, then deliver it as if it had not been changed.\n\nResearchers looked through one month\u2019s worth of enterprise traffic traversing Zscaler\u2019s cloud seeking the digital footprints of IoT devices. It found and analyzed 56 million IoT-device transactions over that time, and identified the type of devices, protocols they used, the servers they communicated with, how often communication went in and out and general IoT traffic patterns.\nThe team tried to find out which devices generate the most traffic and the threats they face. It discovered that 1,015 organizations had at least one IoT device. The most common devices were set-top boxes (52 percent), then smart TVs (17 percent), wearables (8 percent), data-collection terminals (8 percent), printers (7 percent), IP cameras and phones (5 percent) and medical devices (1 percent).\nWhile they represented only 8 percent of the devices, data-collection terminals generated 80 percent of the traffic.\nThe breakdown is that 18 percent of the IoT devices use SSL to communicate all the time, and of the remaining 82 percent, half used it part of the time and half never used it.The study also found cases of plaintext HTTP being used to authenticate devices and to update software and firmware, as well as use of outdated crypto libraries and weak default credentials.\nWhile IoT devices are common in enterprises, \u201cmany of the devices are employee owned, and this is just one of the reasons they are a security concern,\u201d the report says. Without strict policies and enforcement, these devices represent potential vulnerabilities.\nAnother reason employee-owned IoT devices are a concern is that many businesses don\u2019t consider them a threat because no data is stored on them. But if the data they gather is transmitted insecurely, it is at risk.\n5 tips to protect enterprise IoT\nZscaler recommends these security precautions:\n\nChange default credentials to something more secure. As employees bring in devices, encourage them to use strong passwords and to keep their firmware current.\nIsolate IoT devices on networks and restrict inbound and outbound network traffic.\nRestrict access to IoT devices from external networks and block unnecessary ports from external access.\nApply regular security and firmware updates to IoT devices, and secure network traffic.\nDeploy tools to gain visibility of shadow-IoT devices already inside the network so they can be protected.