With the COVID-19 pandemic, working from home has become the norm for many office workers. At the same time, working from home has also become a cyber security risk factor. One of the things that make work from home such a risk factor is unsecured IoT (Internet of Things) devices. Think of those connected devices we have at home: cameras, refrigerators, and smart doorbells just to name a few. While it seems far fetched, it really isn’t that difficult for a hacker to get access to one of these devices, and then attack the corporate network. There are some key controls and measures your staff can undertake from home to lessen the risk from these devices.
- Change Default Passwords
Most IoT devices come with a default password out of the box. You don’t need to be a criminal on the dark web looking for the default passwords either, they are pretty simple to find on the web. If your staff continues to use the default password, or select an easy password, it could become compromised.
- Timely Patch Management
Just like the hardware and software in your office network, IoT also require occasional updates and patches. These need to be addressed in a timely manner to prevent cybercriminals from moving laterally in your network.
- Network Segmentation
IoT devices should never be connected to a network with sensitive or critical data. IoT devices should be segmented from other systems on the network to limit a hacker’s ability to move laterally to where they can cause the most damage, both financially and to infrastructure.
- Adding Home IoT to the Business Asset List
It goes without saying that the IT department should conduct periodic reviews to determine what devices are running on the network and verify their approval with management. If certain IoT and mobile devices have been added to the asset list, then they can also be added to the list of devices that need to be patched/upgraded.
- Bluetooth Setup
Most IoT devices come Bluetooth enabled. Bluetooth comes with many cyber security risk factors. It is best that your staff set up their devices in non-discoverable mode when using Bluetooth-paired IoT devices. Hackers continue to identify vulnerabilities to Bluetooth, so it is important to patch the firmware for Bluetooth-enabled devices as those security measures are issued by manufacturers.
In addition to the above tips, cyber awareness training can also help. Training users how to sport COVID-19 scams, as well as teaching the importance of good password hygiene for home and work devices will ultimately help reduce the risks. Also, deploying a secure Software-defined Wide Area Network (SD-WAN) for remote workers is a key component of reducing the risk from home IOT devices. If you are feeling the challenges of trying to secure your business while staff are working remotely, contact Uzado today.