The popularity of Internet of Things (IoT) devices is steadily on the rise. In fact, IoT Analytics projects that there will be 22 billion active IoT devices by the year 2025. What does this mean for the office, and more specifically, the IT or security team? In short, these teams can expect a growing challenge of securing these devices as they become more commonplace in the office.
It’s no wonder that these devices are becoming a popular fixture in the workplace- they make everyday tasks easier which in turn makes employees happier and more efficient. For example, many offices may implement smart vending machines that communicate when they are getting low on an item and can request a restock from the mothership. We’re also seeing an increase in smart conferencing setups, TVs, and even smart desks. Add this to the existing well-known IoT infrastructure devices, such as HVAC and alarm devices, and you’ve got an entire office full of IoT devices.
While these devices can improve the quality of a work environment, they have the opposite effect on the security of this environment.
IoT Vulnerabilities
Oftentimes, these devices will have a camera, microphone, or some other way of recording information. If one of those devices is breached, an attacker can essentially spy on your organization and record loads of valuable and potentially sensitive information.
The biggest concern, though, lies in many of the infrastructure devices mentioned above being poorly configured. When these poorly configured devices are then connected to the same network as the rest of the business, they are creating a backdoor for hackers to easily access your sensitive data.
How to Secure IoT Devices
So how can we ensure that our office, whether it be a home office or a corporate office, isn’t at risk because of an IoT device? While there’s no easy solution, there are steps you can take to secure these devices and reduce the chance of an incident:
1. Create an IoT device policy for the office.
In this policy, address what devices employees can and cannot bring into the office and whether or not they can connect them to the office network. Include a password strategy in your IoT policy, in which you require all passwords are changed from the default and encourage strong passwords or multi-factor authentication.
It’s also a good idea to include in the policy a way to ensure that any IoT devices in the office are regularly patched and updated.
2. Connect IoT devices to a separate network.
Perhaps the best way to reduce risk from IoT devices in the office is to connect these devices to a separate network. If they are compromised, the damage can be contained within a smaller network rather than the whole company’s network.
If you are unsure of your network configurations or need advice on how to segment these devices onto their own network, consider engaging experts for a Network Security & Architecture Review. This will reveal any possible vulnerabilities in your network and map out the best way to secure your network.
3. Monitor all IoT device activity.
Once you decide who, what, where, and how the devices will be connected, it’s a good idea to keep an eye on the devices’ activity. Monitor the devices and how they are interacting with your network, either in-house or through a third party Managed Security Service Provider (MSSP). This allows you to be proactive if a device has been compromised.
The increase of popularity in IoT devices undoubtedly creates a problem for IT administrators. But with the tips above, you can still take advantage of the conveniences IoT devices provide without drastically increasing the vulnerability of your organization.
