July 15th, 2021 Read Time: 5 minutes
Justin Sheil is the Content Marketing Manager at Electric. He has 5+ years experience writing about a wide range of technology topics. As part of his role at Electric, he currently functions as the head of the company’s Research & Insights division.
Subscribe to our blog and stay up to date
The Internet of Things (IoT) is a concept that has been around for the past two decades. However, it has gained immense traction over the last few years. This growth in popularity and adoption is expected to continue with experts, estimating that there will be at least 30 billion IoT connections by 2025.
Although the numbers differ depending on different researchers, the fact remains that IoT is growing fast. The growth can be credited to the convenience of connecting non-traditional devices, such as domestic appliances, watches, security systems, and vehicles to the internet.
With more people working from home due to the ongoing pandemic, these devices are posing a significant security risk to organizations of all sizes. Their interconnected nature also presents cybercriminals with a lucrative opportunity to access and attack company networks from anywhere in the world.
As a still-evolving technology, the IoT has many vulnerabilities that impede the security of the devices. When working from home, these challenges also become a concern for employers because their data and information are at risk when accessed through IoT devices.
The pandemic has pushed many companies to allow their workers to work from home either entirely or partially. What this has done is to break the conventional office cybersecurity perimeter and create a grey area between remote and office security.
That is why it is increasingly critical for company executives to identify the IoT privacy concerns to implement crucial measures to curb these.
Below are the top IoT privacy and security concerns companies are facing due to a hybrid workforce.
Most IoT devices, like smart assistants (think Amazon Alexa or Google Assistant), are always listening to your conversation as they try to pick up their wake signals. Several confidentiality implications arise from this as the conversations are sent to servers for assessment. Improper encryption during the transfer can result in these conversations landing in the wrong hands.
If these conversations contain a company's classified information, it can be used for espionage, aid enforcement with investigations, or marketing efforts by rogue marketers. Hackers can also use IoT devices to spy and eavesdrop on a company's big data.
Manufacturers are out creating a new IoT device every day, yet they put very little thought into the security of the devices. That's because they know bringing up these tough conversations could thwart their marketing efforts and increase production costs, so they'd rather not.
Sadly, security frameworks and best practices in the market are not standardized, which only makes it harder to enhance the security of the devices. As a result, IoT devices are designed with limited user interfaces that enable them to function unsupervised for a long time.
The user interface of these devices compromises their security even more by making it impossible to implement basic security features or methodologies, such as updates. This means that although the devices are secure at the time of the purchase, it diminishes as hackers stay ahead and exploit bugs and vulnerabilities over the lifetime of the devices.
The IoT skill gap is putting your entire organization at risk of attacks. It makes it increasingly easy for hackers and other cybercriminals to trick your employees using methods such as social engineering.
These kinds of attacks are targeted at the users of the devices, who in this case are your employees with very little to no understanding of the basic IoT functionalities.
Unlike how everyone on your team can currently change passwords, secure home WiFI networks, and avoid phishing scams, many cannot update the passwords or install security patches on these devices they always have around them.
Just like regular watches, fitness trackers and smartwatches are easy to lose or misplace. However, unlike the former, the latter devices connected to the internet could lead to a data breach when they land in the wrong hands.
They could be a target for cybercriminals who know the kind of operations your company runs. For example, cybercriminals could access sensitive information stored on email or memo pads if the devices are stolen and land in their hands.
This should be a significant concern if your company works on a BYOD (bring your own devices) policy because more data and information are stored on these easy-to-lose devices.
IoT security challenges are only growing due to the increased adoption and complexity of the devices. Fortunately, there are numerous ways to secure IoT devices to minimize the risk and threat of cyber attacks on your company.
The first step to securing IoT as a company is determining your security compliance class under the Internet of Things Security Compliance Framework (IoTSCF). The IoTSCF is a security compliance framework developed and released by the IoT Security Foundation (IoTSF) in May 2020 to help organizations adopt a risk-based approach to secure IoT.
You can access the minimum requirement for your compliance class by downloading the best practice guidelines free from the IoTSF website.
Additionally, you can train or advise your workers on the following ways to secure IoT devices.
Change default passwords soon after purchasing the devices and keep this up every 30 to 90 days.
Customize device settings and sizable any defaults you will not be using.
Implement multi-factor authentications depending on your organization's threat model and desired level of security.
Encourage the use of a company VPN to create an extra security layer and protect sensitive company information while working remotely.
Train employees on the different features and components of the most common IoT devices.
IoT has promising rewards for businesses, including improved operational efficiency and employee productivity. However, waging the waters of a hybrid workplace makes dedicated IT support indispensable.
At Electric, we can help you transition smoothly into a hybrid workplace and implement the necessary security practices and measures you need to secure the IoT devices used by your team. It’s important to consider the IoT industry will continue to grow, as will the threats associated with using these devices.
IT powers hybrid work, and we power IT. We can give your organization a hand in transitioning into this new normal. Get in touch today to learn more.