While the tech world is abuzz with talk of intelligent ovens, soil-sensing herb pots and other Internet of Things (IoT) devices that are supposed to revolutionize our homes, another IoT revolution is underway in the workplace. Companies are turning to connected devices to improve day-to-day business functions, and just like us, they have little choice but to embrace the technology that has become as ubiquitous as it is indispensable to life in 2016.
In all the frenzy, concern for cybersecurity is typically wanting. Fortunately, there are ways businesses can stay secure.
IoT is taking hold in workplaces for the same reasons it’s invading the home. That is, companies are looking to boost productivity, savings and physical security. A management consulting firm might invest in a network of smart televisions that can facilitate video conferencing between the office in Atlanta and the client in Nashville. A tech startup could purchase motion sensors and use foot traffic data to maximize energy savings with smart lightbulbs and a thermostat system. Even a mom-and-pop shop could install Wi-Fi security cameras to monitor their store from home. If a company doesn’t use these kinds of devices, there’s still nothing it can do about the iPhones and Fitbits employees invariably bring to work.
With so many devices connected to each other and to the internet, cybersecurity concerns multiply. For one, there are more vectors for attack. Each device represents a new entry point into your network, and each wireless connection is more traffic to intercept or tap into.
To compound the problem, small devices are usually designed with limited processing power and few, if any, security features like data encryption or a firewall. An IoT-saturated office space is more susceptible to a data breach or the introduction of malware. Devices can also be commandeered into the service of an attacker intent on overloading a website with traffic. Just recently, a hacker took over thousands of devices to launch a DDoS attack on a popular cybersecurity blogger.
Finally, data is currency in the cyber world – more devices collecting more data and dumping it into company servers means more assets to oversee and protect.
Apprised of the dangers, are IoT devices even necessary in the workplace? The short answer is that today, there’s still a distinction between essential and non-essential but that distinction will fade in the long-run.
Excluding sectors where internet-enabled devices have become necessary for day-to-day operation (e.g., medical devices and industrial controls), devices facilitating safety are about as essential as the IoT could be in the workplace. Wearable devices monitoring a firefighter’s vitals or the purity of the air a coal miner is breathing in are going to be essential.
Right now, though, a printer’s automatic toner reorder capability and communal refrigerator utilization data don’t make or break a company. But just as desktop computers and the productivity they generate became necessary to stay competitive in nearly every industry, and just as big data is driving advertising and market research, so too will connected devices become necessary to stay competitive in the 21st century.
What can be done, then, about security?
At the enterprise level, companies should draft and administer sound policies that promote resilience and defensive network use. Strong password requirements, multi-factor authentication protocols and cyber awareness training are paramount.
To defend the company’s network, segmentation is always a good strategy. Perhaps have a separate Wi-Fi network exclusively for devices that don’t carry sensitive information and that is walled off from the main network. And with so much more information collected by IoT devices and stored on computers, companies should engage in data mapping, network architecture reviews and regular penetration testing to ensure data security.
At the individual level, awareness is key, and negligence can be dangerous. Understanding how everything is connected promotes caution. An employee setting up the login for a smart fridge is less likely to pick ‘1-2-3-4-5-6’ as a password if he knows a hacker can make an easy jump from the fridge to the thermostat to his financial information. At the same time, connecting a smartphone or wearable activity monitor to the office’s Wi-Fi can facilitate the transfer of malware from the device to the company’s network, and vice versa.
Just like computers revolutionized companies, IoT will promote efficiency and innovation in the workplace. Hopefully, security will occupy a more prominent place in the evolution since we know what dangers lurk ahead if we fail to heed cybersecurity concerns.
About the Author: Tom Boyden is President of GRA Quantum, a pioneering cybersecurity firm with offices in New York, Washington DC, Silicon Valley, and the UK.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.