IoT devices represent a security risk when working from home
The global Internet of Things (IoT) market is predicted to reach well over $1 trillion by 2026. As in so many domains, the Covid pandemic has accelerated digital adoption, with IoT solutions deployed in areas such as healthcare to allow for continuous monitoring of Covid patients.
The lack of human intervention required to operate was a distinct plus in such a use case, and IoT networks allow businesses to find new ways to create value, whether through creating new revenue streams or even new business models entirely.
With this growth comes risk, however, and in How to Stay Smart in a Smart World, Gerd Gigerenzer, Director of the Harding Center for Risk Literacy at the University of Potsdam, highlights how the smart home is arguably the biggest cybersecurity risk we face today because of the massively increased landscape for cybercriminals to target.
Vulnerable entry points
A new paper from Palo Alto Networks highlights the scale of the challenge. The company surveyed 1,900 IT decision-makers from 18 countries, including the Netherlands, United Kingdom, Germany, Japan, and Australia, and found that 78% had seen a significant increase in the number of non-business IoT devices on their corporate networks in the past 12 months.
These devices cover the weird and wonderful, including coffee machines, heart rate monitors, pet feeders, and gym equipment, all of which provide cybercriminals with a possible point of access to a network. The respondents highlighted the crucial need to improve security measures to ensure that these non-business devices aren’t compromising the overall security of corporate networks. This is especially so in a year in which remote working has increased significantly, and therefore the reliability of workers’ home IT networks has been a factor in the overall security of corporate networks.
“Remote workers need to be aware that IoT devices could be compromised and used to move laterally to access their work devices if they’re both using the same home router, which in turn could allow attackers to move onto corporate systems,” the report explains. “Everything using the same Wi-Fi network creates more risk, whether in a living room or at a coffee shop.”
The respondents revealed a pressing need for security improvements across the board, but especially in areas such as risk assessment, threat protection, device visibility, and device context for security teams.
"IoT adoption has become a critical business enabler. It presents new security challenges that can only be met if employees and employers share responsibility for protecting networks," Palo Alto Networks say. "Remote workers need to be aware of devices at home that may connect to corporate networks via their home router. Enterprises need to better monitor threats and access to networks and create a level of segmentation to safeguard remote employees and the organization's most valuable assets."
The use of some IoT devices points to how they can be used securely. Just over half of respondents said that their IoT devices were segmented on a distinct network from the network used for their primary business devices, with a further quarter saying that their IoT devices were particularly micro-segmented within specific security zones. This is considered best practice across the industry as it allows organizations to keep IoT devices separate from other IT devices and prevent hackers from exploiting weak links in a network to then move laterally within the network.
Tips for working from home
With remote working expected to feature heavily in a future of work that has hybrid working at the forefront, it’s vital that employees better understand how to keep their personal and professional networks safe from cyberattack. The report includes a number of tips on how employees can do that.
The first of these is to better understand the router that is likely to act as the hub through which all of your IoT devices will connect to the internet. A good first step is to make sure that the default password on the router is changed, before then boosting the encryption on your network by utilizing either WPA2 Personal or WPA3 Personal.
The researchers also recommend employees keep better track of the various devices that are currently connected. The router is a great way to do this and will have a list of all devices that are currently connected to it, as well as listing any DHCP clients and wireless clients. This will allow employees to disable remote management on any devices where it isn’t needed, which will also boost the security of the network.
Employees should also ensure that their devices are kept up to date with any security updates provided by the manufacturers. Too often, we overlook this incredibly basic step and leave ourselves more vulnerable than we need to. We should also introduce two-factor authentication on any device that utilizes it.
Last but not least, employees should look into segmenting their home network. This can be done by creating a guest Wi-Fi network, with all IoT devices then placed onto this network, with more work-critical devices using the main network. This will limit the damage caused by any security vulnerabilities in your IoT devices.
If remote working is to become a feature of the future of work, then it’s important that IT managers and employees better understand the security implications and take relatively straightforward steps to protect themselves from attack.