How to Secure Internet of Devices in Your Office

In 2017, a casino suffered a data breach after a hacker used an unsecured, internet-connected fish tank to gain access to their network.

In 2017, a casino suffered a data breach after a hacker used an unsecured, internet-connected fish tank to gain access to their network.

One of cybersecurity expert Brian Krebs’s 5 Immutable Truths About Data Breaches reads: “If you connect it to the Internet, someone will try to hack it.” And never has this been more important to keep in mind than now, when we are connecting everything from appliances to light bulbs to the internet. This trend, known as the “Internet of Things” or “IoT,” utilizes technology to bring helpful new features to everyday items in our homes and businesses. But an unwelcome consequence of that is an increased risk of cyberattacks.

The Risks of Internet of Things Devices

It’s an unfortunate fact that adding Internet of Things devices to your company’s network, without the proper safeguards, can increase your attack surface for cyber attacks. The more devices connected to the internet, the more “doors” hackers have to exploit.

A casino learned this lesson the hard way back in 2017. To better maintain their marine life, the casino installed a fish tank that used internet connectivity to automate feeding and climate control. What an innovative way to use technology to make life easier, right? Unfortunately, criminals were also thinking outside the box. They hacked into the fish tank and used it to gain access to other places on the casino’s network, stealing valuable information.

And the years since have seen their share of IoT horror stories as well. At the tail end of 2019, security camera startup Wyze confirmed a data leak that affected more than 2.4 million customers.

If you run a business that stores confidential information—and most do—these story should scare you. It’s likely that there are IoT devices in your office—some of which you may not even know about. Well-meaning employees may have brought labor-saving connected devices like into the office without realizing the harm they could cause.

But IoT technology is exciting, and it’s here to stay. You don’t have to avoid it—just prepare for it. Be aware of the risks these devices pose and understand how you can guard against those risks. To get you started, here are 5 IoT security tips to protect your business:

1. Raise Awareness: If It Connects to the Office Network, It’s a Security Risk.

Every device that you add to your company’s network—from computers to printers, even fish tanks—becomes one more potential gateway for hackers. Inform employees that any device they add to the network increases the risk of cyberattack.

Ideally, your systems administrator (or outsourced IT provider) should be kept in the loop about any device that’s being connected to the company’s network—including IoT devices. That way, they can evaluate new devices to determine the risk level and make sure any necessary safeguards are put in place.

2. Have Clear Policies

Along these same lines, it’s important to have clear policies to determine whether a new device should be added to your network. It’s generally not advisable to allow employees to bring in and connect non-company-issued devices. Management should weigh the benefits of new IoT devices against potential risks to data security.

3. Consider Segmenting Your Network

One helpful way to prevent IoT devices from becoming a liability is to put them on a wireless network that is either physically or virtually separated from your main company network. That way, if an IoT device is compromised, it doesn’t give hackers access to your company’s critical assets. It’s usually a good idea to have a separate WiFi network for guests anyway, and we’ve seen some companies use this network for nonessential items, such as employee mobile devices and IoT devices.

4. Make Sure IoT Devices Have Strong Passwords

When you do choose to add IoT devices to your company network, it’s crucial to set up strong passwords for them. Often, people assume that because their smart coffee maker doesn’t store sensitive data, there’s no need to use a strong password for the software that goes along with it. What they don’t realize, though, is that hacking the coffee maker could lead to a compromise of data elsewhere on the network.

5. Apply Updates to IoT Devices Regularly

Just like your computers and servers, IoT devices need to be patched on an ongoing basis to guard against new security threats. So, it’s critical to perform updates on IoT software and firmware when they become available from the vendor. An important caveat here is that not all IoT vendors are good about releasing software updates regularly. If you have a device that is rarely or never updated, you might consider not connecting it to the company network, as this typically means that it is less secure.

As always, please comment below or contact us if you have questions. We’re ready to help you make IoT security part of your company’s holistic network administration plan. And, by all means, if you’d like to discuss taking the next step toward proactive network security, contact us today.