Why consumer IoT devices are the biggest threat to corporate networks

The consumerization of IT promised to empower workforces. Many believed that by enabling employees to access corporate data on their smartphone, tablet, and laptop, productivity levels would naturally increase. But what they did not see coming is that staff would also bring their cybersecurity problems into the workplace, not just their devices.

IT teams desperately warned the C-Suite around the dangers of losing control of company data, but it was too late. By 2013, 70% of employees were using their own devices in the workplace. More worryingly, Ovum warned that 80% of BYOD were unmanaged. Nearly a decade later, most businesses have made peace with BYOD and implemented adequate security policies. 

Wearable tech entered the workplace

Before COVID, many attendees in corporate meetings would proudly wear an activity tracker or smart watch on their wrists. Some would even compare step counts while waiting for others to arrive. Many of these devices also make it easy to record conversations, take photos, and manage their work-life from a watch that syncs information with their phone. 

However, what happens when you accidentally leave your wearable in the gym? Or if it is stolen from your home? Wearables are seldom encrypted and can leak sensitive information into the wrong hands. Many were unwittingly wearing cybersecurity risks on their sleeve when accessing emails without a secure, password-protected wireless connection.

It's easy to forget that the seemingly harmless and aesthetically pleasing device contains more personal data than ever before.

Meetings, emails, health information, habits, and every step you take is monitored and recorded. More devices mean more data being stored. But the shift to home working is creating an even bigger tech headache for security teams.

Which IoT device is your weakest link?

The average home now has more connected devices than many small offices. The so-called Internet of things (IoT) are adding an always-online connection to almost every new home appliance, from refrigerators to toasters and doorbells. Every second, around 127 new devices are connected to the Internet, and it's predicted there will be 75 billion IoT devices by 2025.

The guardians of corporate networks are losing the battle as IoT attacks continue to increase.

Homes full of IoT devices with little or poor security standards are already exposing businesses to vulnerabilities. Most home users do not have the time or inclination to update the passwords or firmware on every device. Meanwhile, ransomware attackers are scanning networks looking for the easiest entry point via a weak IoT device.

Cybersecurity teams cannot protect what they cannot see. But in a world where hackable IoT sex toys frequent home networks, security teams are tasked with protecting corporate data and employees' privacy in their home. The complex challenge also involves ensuring greater mobility and accessibility to increase productivity. But how did we get here?

The COVID-19 impact 

Predictably, COVID-19 is credited for accelerating the pace of transformational change. An unprecedented shift towards working from home at scale has forced many to rely on all things digital. It's also blamed for adding a smorgasbord of vulnerabilities to businesses of all sizes.

Attack vectors in our homes could be smart televisions, thermostats, baby monitors, and lightbulbs that were installed without security in mind.

The pandemic has also left many users vulnerable to social engineering and phishing attempts designed to trick them into divulging confidential information. 

Although we have become more digitally connected than ever before, we are much more vulnerable too. Identifying which IoT devices have appropriate security or how many breaches and cyber-attacks are linked to IoT devices is still a grey area. But something needs to change.

Why it's time to put your IoT devices on a separate network

The average home network used to have a handful of connected devices. But with new gaming consoles, smart speakers, digital assistants, and an increasing number of smart devices, that list of devices connected to the router in your home is getting out of control. When taking the important video conferencing call of Zoom or Teams, all of these connected devices will also be competing for bandwidth.

Ensuring that your home office's internet traffic is given a higher priority than everything else will require a different approach. 

The traditional flat network is no longer fit for purpose.

The FBI recommends that home users should leverage the micro-segmentation feature that is usually found in the firmware of most WIFI routers. It enables users to keep all IoT devices on a separate network and prevents them from contaminating the network used for corporate purposes.

The weaponization of IoT means that vulnerability management and the improvement of cyber-hygiene have become everyone's responsibility. Attackers only need one employee to have one vulnerable device. At that point, consumer IoT rapidly becomes a huge problem for businesses.

When was the last time that you checked how many devices were connected to your wifi network? The creation of an isolated network for all your IoT devices will provide both your home and business with a much-needed security upgrade. So, what are you waiting for?