By Emily Newton
Internet of Things (IoT) devices are a consistent but manageable threat facing today’s enterprises. For example, many companies have IoT device policies and tightly controlled environments that help keep IT risks at bay.
Things drastically changed with more employees working remotely during the COVID-19 pandemic. Many company leaders decided to let their teams work from home indefinitely, particularly after finding that many were at least as productive off-site as in the office.
However, one downside is that remote work can elevate IoT security risks. Here are some thought-provoking examples.
1. Smart Home Vulnerabilities Can Impact Workplaces
Most people who have smart home technology use smartphone applications to interact with the various products. That common practice poses risks when a person uses their smartphone to connect to company resources via a virtual private network. If they have smart home apps on that phone, the situation could create a malicious gateway.
Lou Morentín, vice president of compliance and risk management at Cerberus Sentinel, explained, “Users working from home are likely going to be connected to their home Wi-Fi and internet connections. The security of these networks is often much less comprehensive than a corporate environment and can open the remote worker’s computer and data sent over the network to attack. Many homes have ‘smart appliances’ or other IoT devices that are regularly compromised at scale by cybercriminals.”
Cybersecurity researchers recently experimented to show how it might happen. They used IoT light bulbs and the associated control bridges. The attack begins when a hacker manipulates a bulb’s color or brightness, making users assume it has a glitch. They try to fix it by removing the bulb from the control bridge and reinstalling it.
Then, a cybercriminal can interact with the control bridge, using it to spread ransomware or spyware. In such cases, a hacker could lock someone out of workplace documents that they formerly accessed over their home networks and saved to their computer.
Alternatively, spyware often captures login details and sends them to unauthorized parties. Thus, a hacker could use spyware to access a slew of workplace interfaces and resources.
2. Many Remote Workers Did Not Receive New Cybersecurity Training
As many companies rapidly pivoted to remote work during the COVID-19 pandemic, workers had to adapt in a matter of days — sometimes overnight. However, a June 2020 survey from IBM showed that a significant percentage of people did not receive any new education before that transition happened.
More specifically, 45% of people polled did not receive specific training. If workplace leaders showed more initiative in that area, they could teach people about the particular cybersecurity threats IoT devices can cause.
For example, smart speakers are top-selling consumer IoT devices. However, an incident occurred where an Amazon smart speaker recorded a private conversation in a home and transmitted it to a user’s contact.
You can imagine the disastrous consequences if that happened while someone was on a business call discussing sensitive information. Amazon representatives clarified that what happened was an extremely rare issue, but they didn’t detail why it happened.
One possible workaround is to have employees unplug smart speakers before business calls occur. Alternatively, have them ensure the gadgets are nowhere near the room where someone works.
3. Password Reuse Can Affect IoT Devices and Workplace Portals
Many people read about data breaches in the news but remain relatively unaware of why those incidents have become so commonplace. Statistics indicate there were nearly 500 million records breached in 2018 alone, which sheds light on the enormity of the problem.
Company IT teams often require that people follow certain password rules at the workplace. However, it becomes increasingly difficult to mandate that as workforces become more distributed.
Imagine a scenario where a person uses the same password for their work email, banking portal, Netflix account, and team communication tool. Once they get into that habit, it makes sense that they’d continue it with any smart gadgets in their homes, from security cameras to intelligent appliances.
Once a cybercriminal gains access to one stolen password, they could potentially use it to access dozens of other work and personal resources that a person uses. Thus, such problems could create widespread data breaches for an organization.
Workplace leaders can minimize that issue by emphasizing the importance of unique passwords, especially when logging into organizational portals. They should also encourage anyone who uses IoT devices at home for work or personal reasons to immediately change the default passwords for those gadgets and make them difficult to guess.
4. Remote Working Makes IoT Software Updates More Challenging
When enterprises use IoT gadgets, there are typically systems in place to ensure those devices all receive the necessary updates. That’s crucial because device manufacturers release security patches to address known vulnerabilities.
However, when a person has IoT devices used for remote working, it’s virtually impossible to verify the gadgets receive regular updates. A company can aim to reduce IoT security problems by teaching employees how to activate an automatic update setting or showing them where and how to check for new updates.
Those proactive measures don’t eliminate risks, though, especially if employees don’t follow instructions or they become forgetful. A related issue is that IoT vulnerabilities can become extremely widespread.
For example, researchers recently identified cybersecurity threats that could affect millions of IoT devices due to a known flaw. They confirmed that the so-called “Name:Wreck” vulnerabilities could allow hackers to execute code from afar, take devices offline, or use them as gateways to associated networks.
Security patches exist to fix the vulnerabilities. However, they’re not always quick or easy fixes. IoT devices are often challenging to patch with new updates, and that’s especially true if a person working remotely becomes affected by an identified flaw.
Installing the patch may prove too complicated for some off-site workers to do themselves. Plus, they may not even know the IoT devices they use regularly have issues.
Minimizing IoT-Related Cybersecurity Threats Requires a Proactive Approach
Most of your team members probably don’t think of IoT security as a major issue. They primarily associate IoT gadgets with convenience and love how they do high-tech things, like respond to voice prompts or automatically create mood lighting for a room.
However, the examples here show that IoT devices can increase the security challenges associated with working remotely. A company’s security decision-makers should collaborate and determine how to help people manage those matters so employees stay productive and safe while working remotely.
Emily Newton is the Editor-in-Chief of Revolutionized Magazine. She has over three years of experience writing articles in the industrial sector.
Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.