The concept of the Internet of Things (IoT) is becoming widely known and understood, not just in business but in the home too.
The problem with IoT however is knowing what devices are IoT-enabled and which are not. Opening a huge security risk for businesses as these devices make their way into the business in the personal belongings of employees.
Most companies have a bring-your-own-device (BYOD) policy around staff bringing in and using their own laptops, cell phones and tablets, however, increasingly employees are bringing other smart devices into the office. These include smart watches, fitness trackers and e-readers, that are among the many devices that have now found their way into the office – and the network.
“The practice of bringing in IoT devices puts the security team under a lot of pressure. There is already a need to cater for the regular BYOD that we see. Now an enterprise needs to take into account the myriad other devices that people bring in,” says Indi Siriniwasa, vice-president of Trend Micro, Sub-Saharan Africa.
These devices come with their own security risks. It is no secret that malicious actors take advantage of vulnerabilities inherent in IoT devices. Patches and updates are available to help mitigate the risk, however, neglecting to apply the patches or updating in time puts the device at considerable risk. These are the things that hackers are looking for, as access to an enterprise’s network can be made through one of these unprotected devices, leading to a catastrophic breach in cybersecurity.
“Most companies have their own BYOD policies and these need to be extended to include the use of IoT devices that staff may bring in. One of the ways companies can do this is by having employees register their devices before they are allowed to connect to the network. This should go hand-in-hand with employee education,” advises Siriniwasa.
Even before the device gets taken to work, staff should make sure they are aware of the features on their devices and any hidden features or component. A separate company network could also be used to connect these IoT devices, ensuring that multi-layered security is in place in order to block any threats.
“Above all, every enterprise should create a culture of security through regular training and education. Teaching staff to be vigilant is a valuable step towards keeping threats at bay. Yes, companies should have security in place, but it is also a shared responsibility. It’s important to stay one step ahead of cybercriminals,” concludes Siriniwasa.