The internet of things (IoT) is transforming the way we work and live. The ability to connect nearly any object to the internet, including lightbulbs, radiators, cars and refrigerators, means consumers and businesses are able to carry out all manner of tasks in a smarter way. As a result, IoT devices are being adopted on a huge scale around the world.
According to Cisco, 500 billion devices are expected to be connected to the internet by 2030. More often than not, however, this myriad of smart devices is completely unprotected, as consumers ignore the patches and updates they previously took notice of for their laptops and PCs, or the IoT device manufacturers just fail to issue them at all.
Four in ten digital households worldwide have at least one vulnerable device, according to the Avast Smart Home Report 2019. Apart from routers and network devices, media boxes, security cameras and printers are the most vulnerable and these are often the point of entry for hacks, from DDoS (distributed denial-of-service) attacks to data breaches, spying and blackmailing.
We’re going to be securing things we didn’t think we’d have to secure
“Endpoint security on the IoT is pretty non-existent at the moment as nobody really thinks they need to install security measures for their smart devices, be it at home or in the office,” says David Ryder, director of SMB (small and medium-sized business) and MSSP (managed security service provider) at security firm Avast.
“For the vast majority of IoT manufacturers, their main concern is selling products, designing them to work easily and making them addictive. Little thought is put into securing them or even recommending any security. They’re worried about having the conversation about security risks because they believe it might deter people from buying their products.”
With flexible working now widely adopted by organisations of all sizes, the security risks in people’s increasingly connected homes is suddenly a very major consideration for the companies they work for. Their seemingly innocuous unsecured smart doorbell or lights could be a weak link and give cybercriminals access to the company network.
In one of the more high-profile cases, hackers infected millions of home IoT devices with malware to attack DNS (domain name system) provider Dyn and bring down sites such as Twitter and Spotify which rely on its services. These kinds of DDoS attacks now happen frequently and anybody who isn’t actively securing their IoT devices is obliviously participating.
The grey area between office security and home security, and lack of understanding on how to tackle the problem, is creating significant challenges for organisations. Remote workers often resent BYOD (bring your own device) policies and try to find a way to work around them. It’s crucial, therefore, for companies to acknowledge that the model of the traditional security perimeter is broken; it’s now everywhere their workers, data and devices will be.
“A lot of the attacks don’t happen against the hard outer shell. Sometimes they find the soft underbelly and the remote worker is an increasingly common source for attacking an organisation,” says Ryder. “Frequently they have access to the most sensitive files, data and intellectual property in a company. It’s important their security perimeter is treated with as much importance as the company’s headquarters security perimeter.
“Organisations must secure remote workers and devices wherever they roam. The same security posture they have in their office environment needs to be applied to remote workers and implementing that is one of the biggest challenges they face.
“Avast Business has an always-on solution that wherever workers are, provides the same security they get in the office. Even when working on an insecure public wifi network, we provide two-factor authentication and ensure the worker is always behind a robust, cloud-based firewall. It’s essential that this firewall is inspecting all SSL (secure sockets layer)/https (hypertext transfer protocol secure) traffic, otherwise they’re close to useless.
“IoT devices are being adopted faster than the security postures that most organisations have put in place. We’re going to be securing things we didn’t think we’d have to secure. Security needs to be one of the foremost concerns in any IoT policy. Avast Business recognises this and we have put in place systems that ensure we are able to inspect traffic from all IoT devices.
“We provide a multi-layer security approach, at both the endpoint and network level, for remote workers and all IoT devices, from the smallest gateways to the large corporate centre.”
Although security tools and technologies are vital to protecting companies in the age of IoT, one of the best defences, and indeed vulnerabilities, can often be the workforce itself. Remote workers with the right awareness are more likely to not only identify threats and alert the right people, but also prevent issues from occurring in the first place by ensuring they are doing all they can to keep their home IoT devices secure.
For more information please visit https://www.avast.com/en-gb/business
Four security tips for the remote worker
- Secure your router
Household routers are central to IoT network security, yet Avast has found 60 per cent are vulnerable. They all come with a default password that should be changed immediately to something impossible to crack. Making sure the security protocol is WPA2 (wifi protected access II) is also critical and provides a strong foundation of basic security.
- Change other default passwords
The router isn’t the only thing you should be changing passwords on. No matter what the device is, when given the option you should always change the default password to something complicated. Two-factor authentication, if available, should also be enabled. Password managers are very handy and mean you don’t have to remember them all.
- Read the settings and connect only if necessary
IoT devices are created to be simple: take them out of the box, plug them in and away you go. However, each one is a possible gateway for a hacker. Take the time to purchase devices with an encryption standard, to read the security settings and only connect them at the times you need them. For example, if you only drink coffee in the morning, your connected coffee maker shouldn’t be on all day.
- Get additional security and always run updates
It’s important that remote workers realise they are as responsible for cybersecurity as their company is. A strong antivirus protection product is a necessity and IoT devices must be kept updated with the latest versions available from the manufacturer. Updates often include security patches for flaws or bugs, which will help keep hackers at bay.