k_Street Consulting, LLC Blog
Protecting Your Business by Understanding IoT Security
Ah, the holidays; they are a time for good food and good cheer, but also tend to be a time of gift-giving of all kinds. You might have all kinds of new gadgets running around your office that aren’t being accounted for. Some of these devices might be a security issue for your business precisely because they aren’t normally meant to connect to the Internet. These Internet of Things devices just aren’t as secure as they should be, especially in a business environment.
Of course, it’s not entirely the fault of the user, even if they do represent part of the blame for this. Internet of Things devices are well-known security threats, but it’s largely because of the way they are designed and developed. Even if the user was aware of the security issues presented by these devices, the truth is that there isn’t anything they can do about it barring just not using them outright.
This is due to the fact that the security issues found in Internet of Things devices are built into them, particularly because the developers of the devices don’t build them with security in mind. If you think about it in terms of what they are used to building--devices that don’t have any kind of connectivity--it all begins to make sense. A manufacturer who produces a smart blender isn’t a software engineer or a security professional. Up until that point, they just made blenders, so they had no need for software development or security. Unfortunately, this creates a device that is made with functionality in mind over security, much to the detriment of businesses.
These devices are most vulnerable to threats that could be patched, if only the Internet of Things devices were easily patched by the developer and the user. This isn’t currently the case. It’s practically impossible to distribute patches to all Internet of Things devices manually, so if the developer hasn’t enabled automatic updates, you can forget about the user actually doing it, unless it gets in the way of the core functionality of the device. While this responsibility would fall on the developer, some have also suggested the implementation of unique default passwords, as users often see no need to change the default password on their new device before putting it to work.
To counteract these threats, businesses have to implement measures to keep their networks safe from the wave of additional devices entering the office. Whether you’re aware of it or not, it’s likely that employees are bringing new devices to work every day, whether it’s a tablet or a smart watch. A Bring Your Own Device policy with clear-cut rules on what’s allowed and what’s not will go a long way toward keeping unwanted devices in the workplace, and it can help to provide a general outline for how these devices should be used in the office as well. Remember, it’s about the future of your business, not about inconveniencing anyone.
If your business could use a hand with implementing a BYOD policy, k_Street Consulting, LLC can help. To learn more, reach out to us at (202) 640-2737.
Comments