Several things usually happen when employees transition into remote work arrangements.
First, they start wearing the most comfortable clothes they have, which is most likely their birthday suit. Second, they improve their work-life balance by doing the bulk of their work when they are naturally the most productive. Third, they begin connecting their work devices to home networks comprised of various IoT gadgets.
While the first bit may be slightly disconcerting to keep in mind during group voice calls, it’s the last one you should actually be worried about. Why? Because IoT devices pose massive security risks for remote employees and, consequently, the entire organization.
Understanding IoT Security Risks
The problem with many IoT devices, such as Bluetooth speakers, fitness trackers, smart kitchen appliances, smart TVs, wireless security cameras, and all kinds of connected sensors is that many of them haven’t been designed and manufactured with security as a top priority.
Although the IoT market has matured considerably during the last few years alone, it’s still an extremely competitive space that doesn’t give manufacturers a lot of time to polish their products before making them available to consumers.
Since lackluster security is something consumers don’t notice when reading product descriptions and watching online reviews, it usually gets assigned a low priority, creating the conditions for the perfect cybersecurity storm.
The situation is actually so bad that the Palo Alto Networks Unit 42’s IoT Threat Report estimates 57 percent of IoT devices to be vulnerable to medium- or high-severity attacks. What’s even more alarming is that 98 percent of all IoT traffic is unencrypted, so anyone with the means to do so can simply steal potentially sensitive traffic and use it for various nefarious purposes.
But don’t think that IoT security risks exist only in the realm of statistical data. Vulnerable IoT devices have been the root cause of several large-scale cybersecurity incidents, including the following two.
Case Study #1: Mirai Malware Attack
In 2016, a group of hackers managed to hijack poorly secured IP cameras, home routers, and other IoT devices using more than 60 common factory default usernames and passwords and infect them with the so-called Mirai malware. The malware made it possible for the hackers to turn the hijacked IoT devices into bots and use them to orchestrate some of the largest and most disruptive distributed denial of service (DDoS) attacks ever.
Case Study #2: Western Digital MyBook Live Breach
Very recently, many users of Western Digital MyBook Live network storage drives woke up to an unpleasant surprise, discovering their hard drivers had been wiped clean. It eventually turned out that malicious hackers had been able to exploit a remote command execution vulnerability to trigger the factory restore command, erasing all data stored on the affected storage devices. The wiped devices received their last firmware update in 2015.
How to Address the Security Risks Created by IoT Devices?
In an ideal world, employees would never connect their work devices to any network that includes potentially unsecured IoT devices, and they would avoid working in the presence of IoT devices with an automated listening function, such as smart speakers and smart TVs. This is the approach the Army is taking, but it’s not something most SMBs can reasonably expect their employees to follow through with.
There are, however, several ways how all organizations can effectively address the security risks created by IoT devices without placing an unreasonable burden on their employees.
Ensure Employees Know About IoT Risks
Many employees are not aware that the IoT devices they enjoy using so much may be full of vulnerabilities that are just waiting to be exploited. Even a few cybersecurity awareness training sessions are often enough to make them understand how they can open up the organization to security-related issues and equip them with the knowledge and skills they need to better protect themselves.
Keep All Devices Updated
Unpatched devices are one of the leading causes of data breaches, and IoT devices, in particular, are among the worst offenders. That’s why you should require your employees to install available patches as soon as they are released, even if it means interrupting their work. Unfortunately, not all vulnerabilities are patched immediately after being discovered, and some vulnerabilities are discovered only when cybercriminals begin to actively exploit them.
Require Employees to Use Strong Passwords
As was the case with the Mirai malware attack, weak or default passwords make it easy for cybercriminals to assume control of IoT and use them for various nefarious purposes. Teaching employees to create strong, unique passwords for all of their devices is a great first step, but it also helps to equip them with a secure password manager so they don’t feel the need to write their passwords down on sticky notes.
Align Your Defenses to Address IoT Security Risks
IoT security risks are not to be taken lightly because they can lead to costly downtime and even costlier data breaches. The IoT market is expected to expand from $250.72 billion in 2019 to $1,463.19 billion by 2027, so organizations should assume a proactive approach to cybersecurity as soon as possible.
Aligned Technology Solutions can protect you and your most valuable assets and information with best-in-class cybersecurity solutions to keep your remote employees safe even when working from homes full of IoT devices. Schedule a free consultation now, and let us help you address IoT security risks.
