For several years now, IT security teams have been concerned about the security risks of allowing employees to connect their personal devices on business networks. Without the proper protocols in place, it’s possible for employee devices to infect corporate resources with all manner of malware or allow access to hackers, because most consumers do not adhere to the same level of security as businesses. Unsecured Wi-Fi, less strictly vetted apps, lax password management — these are just some of the ways that consumers fail to adequately protect their devices, leading to potentially disastrous consequences for employers.
And now there is a new and growing threat: The Internet of Things. While often touted as a tool that can actually help employees telecommute more effectively, the simple fact that so many different devices are connecting to the same networks that employees are using for work has many security experts concerned. It might seem far-fetched, but an employee’s smart refrigerator or television could actually lead to a data breach for your company.
Why Connected Devices Present a Risk
The truth is this: Any device that is connected to the internet, whether a server in a large data center or a coffeemaker in a suburban kitchen presents a potential attack surface for a criminal. And given that a recent study found that as many as 60 percent of IoT devices have issues with their interfaces that could lead to lapses in security, there are significant risks to both consumers and businesses.
One of the most significant examples of this was the major attack on internet service provider Dyn in the fall of 2016. Hackers exploited a vulnerability in connected cameras, including connected-security cameras, to effectively turn millions of those devices into bots that attacked the Dyn servers, which were unable to distinguish the traffic coming from the cameras from legitimate web traffic. The resulting DDoS attack knocked thousands of websites offline, costing businesses millions of dollars — and most of the people who owned the affected devices were completely unaware that they were part of the problem.
This specific attack highlighted the security risks of IoT devices, and the vulnerabilities that are often present. For example, many IoT devices don’t allow, or don’t make it easy, for users to set or change passwords, leaving them open to attack by hackers who know the default credentials supplied by the manufacturer. Patching and updating is another issue, as many device owners are simply unaware of updates that have been released, and thus fail to install them. Issues with the applications themselves also allow hackers easy access to the devices, and in many cases, the networks on which they run — and any information shared on those networks. In short, any device that an employee has connected to their home network, especially when connected via a wireless router, can potentially create an opening for a hacker if it is not properly secured.
Securing the Connected Home and Protecting Your Business
Clearly, it is unreasonable to ban your employees from having IoT devices in their homes if they plan to telecommute. However, the increasing number of devices using home networks and the vulnerabilities they present make it more important than ever for you to develop a strong telecommuting policy with strict rules about how employees can access your network.
Most security leaders recommend that you establish VPNs for telecommuting employees, to ensure that they are using a secure Wi-Fi connection and that all data is encrypted. Requiring employees connecting devices to scan for viruses before logging on to the corporate network, as well as practice strong password management, are keys to protecting your network.
Implementing strong controls on your business network are also more important than ever before in the new world of the IoT. Employees aren’t the only people with connected devices that create vulnerabilities. You may not even realize how many devices in the office are connected to the internet, from printers to vending machines to the television in the break room. Everything needs to be protected, and your security measures should include regular updates and patches to these devices, as well as tools to detect and block potential threats.
The security of the IoT is a significant issue, and one that is getting a great deal of attention across the industry. Security is improving, but hackers are growing increasingly sophisticated, and it’s unlikely that any network will ever be completely impervious to attack. However, being aware of the risks and taking steps to close the gaps that currently exist can go a long way toward reducing the risk of an IoT-related breach.