The “internet of things” is rapidly growing in popularity, which makes it all the more likely that some internet of things devices will make their way into your office. Also growing is the reputation that these devices have as vulnerabilities to your organizational security. In an increasingly connected world, it’s important to remember how the internet of things could quickly become an interruption to your business if not managed properly.
Let’s explore some of the risks the internet of things can present.
The Security Issues of the IoT
The internet of things has added utility to many devices, expanding their potential in ways that would otherwise be impossible. This has only been further augmented by the access to personal devices that many employees enjoy through Bring Your Own Device (BYOD) policies.
These benefits, however, have come with an assortment of considerable risks alongside them. Devices that are a part of the internet of things are notoriously vulnerable to many cyberattacks, which means they could potentially be used as a point of access to your business’ network. From there, a cybercriminal has plenty of opportunities to create issues, whether that’s by stealing your data, hijacking your devices to be used in a botnet or whatever their goal may be.
This problem is only exacerbated by the tendency for internet of things devices to go without updates, whether through the negligence of the manufacturer or of the consumer. Without these updates, security flaws go unresolved, and the devices are thereby left vulnerable.
Consider how many devices are now manufactured that connect to the internet. Smart watches and other wearables, smart speakers and televisions — really, almost anything with the word “smart” in its name. We’ve more or less surrounded ourselves with the internet of things. This includes the time we spend in the workplace, despite many of these devices not being visible on the network to IT. As a result, it has become almost impossible to track all the devices that attach to a network, which has developed into a new issue for businesses.
Shadow Internet of Things
Thanks to the public demand for convenience and advanced functionality, more and more internet of things devices are being manufactured all the time. If any of these devices makes its way into your office without the knowledge and approval of IT, you have a shadow internet of things problem.
If you do, you aren’t alone.
In 2017, 100 percent of organizations surveyed by an internet of things security firm were found to have consumer internet of things devices on the network that qualified as shadow internet of things. Another report, from 2018, stated that one-third of United States, United Kingdom and German companies have more than 1,000 shadow internet of things devices on their networks every day. Combine this with the security shortcomings discussed above, and you have a recipe for a cybersecurity disaster.
You may remember the Mirai botnet, which struck back in 2016. This botnet was built up of more than 600,000 devices at its peak and focused primarily on internet of things devices. Once these devices were identified by Mirai, they would be attacked and infected, adding more computing power to the botnet. Mirai is far from the only example. Cybercriminals have been known to hack into internet of things devices to gain network access, spy and listen in on conversations and otherwise prove themselves to be a nuisance.
How to Minimize Shadow Internet of Things
Clearly, shadow internet of things isn’t a good thing for any organization. There are a few things you can do to help protect your business from the security issues that shadow internet of things can cause.
- Accept internet of things devices in the workplace. If your employees really want to use one of their devices at work, they’re going to. Instead of shooting down requests to bring in these devices, make it easier for your employees to do so through the proper channels, and make sure your employees are aware of these channels. Openness and cooperation can be effective tools as you try to get your team on the same page you’re on.
- Keep internet of things devices separate. To better protect your network, you’ll want to consider utilizing a dedicated Wi-Fi network for internet of things devices, configured to allow them to transmit the information they generate while blocking any incoming calls to them. This will help prevent threats from being transmitted to internet of things devices
- Seek out potential threats. Not all shadow internet of things necessarily can be found on an organization’s network, as more than 80 percent of the internet of things is wireless. This means you need to be monitoring your wireless signals for shadow internet of things devices and networks.
Your business’ security is important, too important to be undermined by an insecure consumer device that was brought in without your knowledge. You need to get out ahead of shadow internet of things, as well as the other threats that could do your business harm.
Advisors Tech can help. Our professionals are well-versed in cybersecurity best practices and how to use them to your benefit. To find out more about what we can do for your business, reach out to us at 844.671.6071.