Wearables, smart speakers, remote security systems, connected cars, inventory trackers, smart headphones: these are just a handful of the connected devices in modern workplaces.
The Internet of Things (IoT), or internet-enabled devices that collect and act upon data, is becoming more popular with ever-increasing applications. Far beyond a smart coffee pot that automatically gets the brew going to start the workday, the Internet of Things is changing business security and vulnerability in a big way.
So, what’s the problem?
IoT improves productivity, enables employees to work more effectively from home… and causes serious security concerns. Gartner projects there will be 20.4 billion IoT devices in use by 2020. With so many connected devices, the network attack surface is much larger and harder to secure.
Smart devices are designed to connect immediately, and were built with ease of use, not security, as the priority. When employees utilize smart devices via company networks or connect devices storing company data to other networks, that information is at risk. There’s not much regulation demanding security of IoT devices, and companies have a hard time establishing their own protocols fast enough to keep up with the adoption of connected tech.
What can I do about it?
First, you need to prioritize the establishment of some device security guidelines. If employees haven’t cleared all their devices they use for work with IT, start there. Then, determine which security measures you will require, and help your employees set them up across all devices. Make sure your employees know who owns the data on their tech. Set up standards for downloading and storing information. For example, you may want to restrict access to sensitive information by preventing offline access or only allowing access while connected to the secure corporate network.
You also need to restrict permissions by user and by device. Determine who should be able to access which information and who should be able to manipulate it – and from which devices. Then set up network parameters accordingly.
With so many access points across so many devices and networks, relying on your human capital to implement security measures is just not sufficient. As IoT expands, the need for security software increases. Investing in a security program(s) to monitor user activity and devices vastly improves a company’s cybersecurity. Businesses can rely on such software to enforce company network regulations, detect suspicious activity, and discover IT weak spots. Doing so will allow businesses to take full advantage of the possibilities that come with IoT without compromising data security.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.