From the activity bracelets employees wear to the television used for videoconferences in the meeting room, from your hard drive to the office cafeteria, every day there are more and more devices connected to the internet. These apparatuses seem harmless but in reality, they are “smart” devices that could be putting your company at risk. These connected devices are a part of the Internet of Things (IoT) and are opening the door to your business’s private information.
With the immense number of devices connected to the Internet, everything is susceptible to threats. In fact, experts have predicted that by 2020 more than 50 billion gadgets will be connected to the internet and will use the net to communicate with each other. This means that there will be a ton of doors and windows open for cybercriminals, who will break barriers and take advantage of companies who do not take adequate security measures.
By 2020 more than 50 billion gadgets will be connected to the Internet and will use the net to communicate with each other.
The most worrisome thing is that these gadgets are pretty much computers. From the intelligent thermostat that controls the temperature in the office, to the video surveillance system that uploads photos onto the cloud, and the printer that advises you when the toner or paper needs to be replaced, these are all examples of IoTs that are not considered to be IT risks, unlike a computer, phone or Tablet. Even Smartwatches, which are becoming more and more popular in the workplace, are not considered dangerous.
Here, emerged a threat that is very similar to the famous “IT Shadow” that references programs and tools that employees began using with without authorization from the IT department (for example, a specific Dropbox account used to share or store files). With the surge in connected devices, the era of “IoT Shadow” has arrived: gadgets that access the company network without managers being aware of it.
To control them, the entire company needs to have a strict BYOD (Bring Your Own Device) policy that supports not only the normal, usual devices (laptops, smartphones, tablets), but also new gadgets within the Internet of Things. Unfortunately, 72% of the companies that practice this acknowledge that their employees use software or hardware that is not approved by IT managers.
Additionally, it is not just a matter of creating the rules, but also implementing them correctly and making sure that they are met. For example, the technical department should perform frequent inspections of the internet traffic to help them figure out where it comes from, where it is going and how to detect programs and gadgets that are connected without authorization. When this happens, the unauthorized programs and gadgets must be removed immediately, at least until IT heads can check that they are safe and comply with the BYOD policy.
Many of these Internet of Things gadgets are poorly designed in respect to security because these devices were created to be inexpensive and easy-to-use which presents a problem (for example, if the device does not have a screen it makes it seem harmless when it is not). It is essential to remember this information and monitor your systems, because one broken link can break your entire security chain.