The Internet of Things (IoT) is assisting organizations in transitioning from office to home work. For many, this shift is not a choice but a necessity. However, IoT and smart devices can have profound impacts on security if not properly considered and managed.
Vulnerabilities are Widening, Security Measures Must Be in Place
The shift to remote work means the robust security provided by offices has changed, and with the increase in our remote workplaces (homes) and the various devices (IoT and smart devices) and services used, the scope of vulnerabilities has widened. Hackers are exploiting the vulnerabilities brought about by this transition, and organizations are exposing their weaknesses in ways they never noticed before.
From household appliances to connected cars, we have a variety of IoT devices installed in our homes, and this is not uncommon. People use health and medical devices, environmental control, gaming and media devices, as well as cameras and security systems, while hackers are exploiting these increasing vectors to launch attacks.
Moreover, in most cases, security protocols remain limited to the office, and employees adopt technologies without understanding the security threats they will face, using devices and services. Many technologies and services are not prepared for this transition and the large-scale use of services, and many technologies and services lack the necessary security to protect users and their organizations.
It is particularly noteworthy that as many devices connect and communicate with each other automatically, work including updates, monitoring, management, and protection remains an afterthought or is completely ignored.
IoT devices coexist in our homes and offices, and to improve our security posture, organizations need to take proactive security measures.
IoT Security Risks
IoT devices lack security guidelines, making them difficult to protect. For manufacturers, especially in the early development stages, device security is not a priority. Many devices are launched with default passwords, and users do not change them. This leads to security issues, with many devices left in homes open to hackers. As many devices are inherently insecure, they require manual security updates, yet in most cases, users do not perform these updates. This issue persists due to a lack of education on IoT and insufficient security guidance provided.
It is essential to assess the risks that IoT poses to businesses through remote work. Businesses need to evaluate the risks each IoT device may pose to the confidentiality, integrity, and availability of data. Appropriate controls should be implemented, and access points must be secured.
Protective Measures
■ Training Ensure employees understand the risks and vulnerabilities that IoT devices pose to businesses, networks, and data. Train employees on data security and its importance. Training on home network risks and the importance of ensuring all devices and services (including those belonging to children) helps organizations avoid cybersecurity issues.
■ Responsibility of Remote Workers For businesses, effectively managing the security of employees’ homes is challenging. Therefore, remote workers should take some responsibility for improving their home network security concerning IoT. Everyone should play a role in ensuring adequate security.
Essentially, at home, employees need to take on the role of IT technicians and assessors for their IoT systems to some extent. This is closely tied to training. Therefore, employees need training in various aspects, including the importance of changing default passwords on devices and routers, using multi-factor authentication (MFA), and best practices for password usage and management. Informing them to take measures such as turning off smart speakers during company calls and the benefits of segmenting their home network to separate IoT devices from company assets are steps in the right direction. Additionally, staying vigilant against attempted attacks, including phishing attempts and attacks targeting IoT, as well as IoT security threats and risks, is crucial.
■ Monitoring Services
Require remote users to use remote monitoring software. For some, this may seem like the most common approach, but it is a progressive security measure for remote work. Services can actively monitor behavior and detect any anomalies. Through data collection and analysis, “normal behavior” can be identified for each user profile, and any abnormal behavior can be detected and acted upon. Additionally, alerts can be set when accessing or copying specific data. This is an effective measure to prevent data loss.
■ Identity and Access Management Controls
Gaining visibility into IoT devices is crucial for effectively managing and protecting them. If handled properly, strong identity and access management controls can be implemented, monitoring sensitive data flowing through the IoT system.
■ Avoid Automatic Trust of Devices As part of improving the visibility of IoT devices, devices connected to the organizational network should not be trusted by default. Trust decisions should be based on the device’s connection location and its purpose or function. The value of devices and the potential risks they pose should be continuously assessed, and decisions should be made regarding their requirements.
■ Managing Permissions
While staff are remote, access to data can be appropriately managed through permission management. Determine who needs access to what data and restrict access as necessary. Remember to consider the principle of least privilege, and do not allow access beyond what is required for job functions. A more reasonable approach is to allow access based on requests at appropriate times rather than allowing all employees default full access.
■ Home Network Policy for IoT Devices
For businesses, prohibiting remote workers from using IoT devices on their home networks is challenging. However, as IoT devices are used in employees’ homes, it is essential to emphasize that IoT devices must meet security requirements before accessing the organizational network in the policies for remote/home workers. Training in this area is crucial. In addition to incorporating this into policies, employees must be trained on their responsibilities in this regard. While urging employees to comply with this policy, organizations should adjust their networks accordingly. Therefore, organizations need to ensure that employees receive necessary training on IoT devices and security awareness.
■ Encryption
Providing remote workers with encrypted networks is an effective way to introduce an additional layer of security. Layered defenses can typically enhance security. Each layer has its unique controls, collectively providing a robust security solution. Using a Virtual Private Network (VPN) can protect the network during access, as all connections and communications are encrypted. Therefore, regardless of how IoT connections are in employees’ homes, a VPN can provide a high level of security through encryption.
■ Proactive Security Approach
Remote work expands the IoT ecosystem. Hackers exploit weak authentication in home setups to lock onto networks and valuable data, using IoT devices in our homes as a springboard to gain access to organizational assets. This continually expands the attack surface of organizations. The likelihood of IoT devices being attacked is high. From this perspective, malware may transfer from devices to employees’ endpoint devices and spread laterally within the organization. If this vulnerability is not effectively managed, the consequences can be catastrophic.
As remote workers access their home networks, where many IoT devices may be integrated, organizations must consider security from different angles to understand how IoT devices impact the organization. Therefore, organizations must prioritize methods that enable remote workers to protect their networks.
Disclaimer: This article is from IoT Home, and we respect the copyright of the original author. If there are any copyright issues, please contact the editor of this public account in a timely manner, thank you!
◆ ◆ ◆ ◆ ◆
● Suirui Technology Group Listed in Zhongguancun’s “Top 100 High-Growth Enterprises 2020”
● Suirui Won the “Best Enterprise Award in ICT Industry Internet” at the 2020 ICT Entrepreneur Conference
● The People’s Government of Zhongwei City, China Telecom Ningxia Company, and Suirui Technology Group Signed a Cooperation Framework Agreement for the Western Video Conference Base
● Suirui Technology Group Exhibited at the “2020 China Mobile Global Partner Conference”
● Mayor Wang Fengchao of Chengdu Met with Suirui Technology Group Chairman Shu Cheng to Support Suirui’s Long-Term Development in Chengdu
● Suirui Technology Appeared at the Service Trade Fair, CEO Shu Cheng Gave a Speech at the Winter Expo Theme Forum
● Suirui Group Became One of the First Official Suppliers Signed by the Beijing Winter Olympics Organizing Committee
● Wuhan, We Stand With You!
Company Profile
About Suirui Technology Group
Suirui Technology Group is an emerging player in the industry as an “Intelligent World Builder & Operator” and is also the official collaborative software supplier for the Beijing 2022 Winter Olympics and Winter Paralympics, renowned in the government and enterprise market for many years. Suirui has formed a core business segment centered on communication cloud and artificial intelligence, with over 700,000 total self-owned customers in government/enterprise and more than 10 million platform service customers, covering over 100 million end users, providing solutions and supporting services in the field of the intelligent world for a wide range of government and enterprise clients. Currently, the group’s products cover technology innovation fields including cloud computing (including communication cloud), artificial intelligence, IoT, industrial internet, big data platforms, edge computing, and information security.
Contact Us
Headquarters: No. 1 Baosheng South Road, Haidian District, Beijing, Building 18/19, Beijing Suirui Center
Global Customer Hotline: +86 400-010-6066
