Your Internet of Things Holiday Gifts May Pose Security Threat
Electronic gadgets are always a popular gift idea. They seem harmless enough except that they are increasingly being connected to the internet which opens the user up to cyber security threats.
Any device that’s connected to the internet and automatically sends and receives data is considered to be part of the Internet of Things (IoT).
Both businesses and consumers are using IoT for productivity and lifestyle uses. They slip so seamlessly into everyday life that you may not stop to think that they’d have any impact on security.
The FBI released a public service announcement, Internet of Things Poses Opportunities for Cyber Crime, that has an interesting and somewhat eye opening list of common IoT devices that could pose a risk:
- Lighting and HVAC: Devices that remotely or automatically adjust lighting or HVAC
- Security Systems: Alarms, Wi-Fi cameras, video monitors in nurseries and daycare
- Medical Devices: Wireless heart monitors or insulin dispensers
- Wearable Technology: Fitness devices
- Smart Appliances: Smart refrigerators and TVs
- Office Equipment: Printers, etc.
- Entertainment: Controlling music or TV from a mobile device
- Fuel monitoring systems
How / Why Am I at Risk?
One of the major risk factors is that cyber criminals can use IoT devices to gain access to your personal information, email, or credit card data.
Oftentimes they can get in easily because users forget to change default usernames and passwords that come with their device.
Recommended protection measures are:
- Isolate IoT devices on their own protected networks
- Disable UPnP on routers
- Purchase IoT devices from manufacturers with a track record of providing secure devices
- Update IoT devices with security patches
- Change default passwords to strong passwords
- Use a secured Wi-Fi router instead of open Wi-Fi connections
BYOD and IoT Affects Enterprise
The OpenDNS 2015 Internet of Things in the Enterprise Report (as mentioned in the video above), notes that there is a “surprising proliferation” in enterprise environments of what was thought to be only consumer IoT devices, “especially in highly regulated areas.”
OpenDNS is a Cisco company that provides threat protection on cloud delivered software platforms.
- Recommendations on how you can detect threats
- How to prevent access to domains
- Bad internet neighborhoods
- How consumer devices “beacon out” to servers in US, Asia, and Europe (even when not in use)
- Is IoT bad for enterprises?
- IoT permeation across highly regulated verticals
- Dealing with IoT device deluge
More companies are enacting bring your own device (BYOD) policies that help them save resources by allowing employees to use their personal smartphones, tablets and wearables but, that opens the door for security issues as well.
Consider this scenario: If you make a call on a softphone from your own personal laptop through your company’s SIP trunk, how secure is the device and voice connection?
In the TelecomReseller article, Balancing Security and Privacy in BYOD, K Royal of Celltrust.com explains that companies “often overlook BYOD’s challenges and risks, including embarrassing, expensive security breaches.”
A growing trend is the use of enterprise mobility management (EMM) platforms that can keep a separation between business and personal calls and data.
This allows companies to remotely erase sensitive data on company devices that are lost or stolen but, “Employees also don’t want their personal text messages, calls, emails and photos archived with corporate information,” says Royal.
Be Aware, Don’t Be Scared
OpenDNS makes a point to say “that the intention of this report is not to scare or shock the public.”
No one’s advocating that we put an end to the convenience of wearable technology or BYOD in the workplace. But by being aware that there’s a potential problem we can work towards a solution that keeps us all secure.