Getting smart with IoT Security

Post-holiday quarantine, local lockdowns and business changes will see many of us work from home long into 2021

While office IT teams have already implemented additional measures and security training to protect the corporate ecosystem, there is a key area that many have overlooked: the risk that Internet of Things (IoT) enabled devices introduces to the network.

The average UK home now has 10.3 IoT enabled devices1. That’s over 286 million nationally. And counting. Each of these devices, as innocuous as they might seem, may be exposing our homes and organisations to cybercrime. Typically, these devices have weaker security and are therefore more vulnerable to hacking attempts. To reduce the risk, employees and IT teams should be working together to boost cyber security. So, what steps can we be taking to make the home network stronger and ensure that corporate ecosystems remain secure?

Smart device savvy

Many of our home devices are constantly on. Take, for example, the devices that look (cameras, baby monitors, doorbells) and listen (Alexa, smartphones, voice-controlled lights). Not only are they a spying risk, but they give hackers with a multitude of network entry points. Once in, lateral movement from one device to another is possible. So, while a cybercriminal may initially breach a connected doorbell, for example, they can eventually make their way to a corporate device being used in the home.

The risk that IoT devices create needs to be countered appropriately. Despite being internet-enabled, it’s easy to forget the potential vulnerabilities they create – particularly if their primary function doesn’t require active internet access, for example, heating controls or fridges. However, as hackers become more skilled in network intrusion, these devices can be exploited. So, with many of us now accessing confidential work information at home, employees and employers alike need to be smart device savvy.

The key to IoT device security is simple: strong and regularly updated passwords are paramount. Changes to password security help combat hacking. While companies may not be able to enforce this in remote working, they should highlight its importance and provide best practice advice.

Quick changes to boost cybersecurity

A secure network is a barrier against IoT hacking. Home networks are typically less secure than those in the workplace, with the router being the primary weak spot. Older routers are likely to have vulnerabilities in their firmware that hackers can exploit. Access at the router level can allow hackers to capture sensitive information and install tools to control the network.

Using a company VPN may reduce risk, but it still leaves employees open to attacks. Cloud-based tools such as Office 365 and G Suite enable employees to access most of what they need without connecting to the corporate VPN and this is something employers need to take heed of.

Employees can make two quick changes to boost cybersecurity. Firstly, update router firmware. An up-to-date router will add an additional layer of security to the network, making it less appealing to hackers. Secondly, change router passwords from weak or default ones. While this may be difficult for companies to enforce, businesses should emphasise its importance.

Socialising safely

Staff using free-to-use applications downloaded onto their personal devices also introduce an additional cyber risk. Take home conferencing, for example. In the early days of lockdown, many of us downloaded free personal video conference apps to chat with friends and family. As travelling continues to be tricky, many people are still using these tools to catch up with loved ones. While the Zoom ‘bombing’ risk, which became a popular way for hackers to gain control of a network, may have been fixed, this is just one example of the way hackers use new, weaker technologies to infiltrate systems.

Businesses that haven’t done so should be encouraging employees to corporate accounts to chat with friends instead of applications that can be downloaded for free. This way, there is more control over the ecosystem and a considerably reduced risk of malicious players finding weak spots by which to exploit the network.

Getting ahead with cybersecurity

Although simple, the security measures detailed here can go a long way in ensuring the safety of home and corporate networks. No one is ever completely safe from cybercrime but there are certain measures that can be taken to become less of a target and ensure that all potential routes in are safeguarded.

In our IoT enabled lives, we’re at an increased risk of cyberattacks. The first step we can take to reduce the risk is to be aware that we were vulnerable in the first place.

We can never fully remove the risk of a cyberattack, but there is a great deal we can do to limit the threat. While working from home is the norm, employers need to educate and empower their employees to keep the network secure.


About the Author

Steven Goff is CyberSecurity Specialist at Maintel. Maintel is a trusted provider of cloud and managed communications services helping customers in both public and private sectors improve their business through digital transformation.

Featured image: ©Sh240

Copy link