How many connected devices have you added to your household since March 2020? Be sure to count fitness trackers, speakers, gaming machines, and even your Tesla, if there’s one in your driveway. Were you one of the many people who waited months for a Peloton? Don’t overlook your new bike. Now add all your voice-based assistants like Google Home and Alexa. One more thing: don’t forget to check your children’s rooms. This could make a difference in your employer’s IoT security.
In the pandemic, many people have bought new connected devices for their personal entertainment and to make daily life easier. order report Rise of the Machines 2021: Status of Connected Devices —IT, IoT, IoMT and OT found that there were twice as many personal devices this year as there were in 2020.
IoT security from home to work
Those devices have an impact on cybersecurity. Yes, most companies have a policy that employees should not connect personal Internet of Things (IoT) devices to the work network. But that doesn’t stop everyone. The Ordr report found that many companies have unauthorized personal devices connected to their network (called hidden devices) at any given time. This does not refer to legitimate cases of bringing your own device (BYOD), such as using your personal phone for work, but to devices connected to the Internet without a business purpose. (BYOD security should also be on your mind, but it’s not exactly the same as these unwanted connections).
infoblox found that a third of companies in the US, UK, and Germany have more than 1,000 hidden devices connected to their network on a typical day. Additionally, 12% of UK organizations report having more than 10,000 shadow devices on any given day.
What makes someone decide to connect their Platoon to your network? And why don’t organizations actively monitor this? It’s hard to know for sure. Work and home have become blurred in the pandemic, which has dragged on for nearly two years. It follows that some of the connections that put IoT security at risk are bugs. Others are probably on purpose. For example, people might want the benefit of increased network performance and speed. I mean, who wants a frozen screen during a workout?
Enterprise network performance and security
How does this situation affect the IoT security of the enterprise network? Not surprisingly, the increase in devices requires more bandwidth, which affects network performance. This also compounds the existing problem of Zoom meetings consuming more bandwidth and causing network issues. The result is slower response times and application delays. A few seconds here and 10 seconds there doesn’t seem like much. However, the time spent by thousands of employees throughout the day quickly adds up to a significant loss of productivity. Not to mention, employees who feel like they don’t have the tools (a fast, reliable network) to do their jobs right may not be as satisfied and engaged with their jobs or with their employers.
Personal devices connected to corporate networks create security risks. How exactly? While organizations are focusing on IoT security for business-related connected devices, they aren’t taking the same precautions with personal devices. After all, in most cases, they don’t even realize that the devices are connected to the network.
Infoblock’s report details security issues caused by shadow devices, including data infiltration, direct denial of service, botnet armies, and ransomware. While each attack type is a bit different, they all have a common theme. Attacks start by breaking into a poorly protected IoT device. Most IoT devices designed for personal use do not meet business security requirements. In other cases, the user does not properly configure and secure the device.
Is the increase in cyberattacks since the pandemic started related to shadow devices? Maybe, but it’s hard to say.
How to mitigate overload and risk
Most organizations already have a policy that prohibits personal devices on the corporate network. Now, companies must enforce those existing policies. If you don’t have a specific IoT security policy, now is the perfect time to write and implement one. The shadow device problem is only going to become a bigger problem from here.
Communicate the new policy or remind employees of the existing policy. That way, people can (hopefully) voluntarily disconnect their hidden devices from the network. Be sure to include specific types of devices. Also, have everyone check all connected devices in your home to make sure none are connected by mistake. You can increase compliance and reduce support calls by including instructions on how to check connectivity for common devices.
Once everyone knows the policy, the next step is to gain visibility into all devices connected to the network. Many organizations use a local IP address management (IPAM) system to help with this task. Once you know all connected devices, you can determine which employees still have unauthorized devices connected to the network. You may need to verify IP addresses. You can then contact those employees directly to remove those devices.
Make IoT security a New Year’s resolution
By continuing to monitor all connected devices and keeping track of hidden devices, you can improve the performance and security of your network. However, shadow device addressing is not a one-time event. You should always monitor and regularly track personal devices connected to the network. Lots of people get new connected devices for the holidays. So consider sending another communication when employees return to work next year. Then you should also closely monitor the devices during the first few weeks of January. That way you can ensure that all employees have followed the instructions you provided.
It is unlikely that you will be able to remove all hidden devices from your network. However, all organizations can significantly reduce risk and impact through education, monitoring, and monitoring.
Find more about unified terminal management solutions.