The IoT, Cybersecurity, Homeworkers & The Corporate Network

Introduction

We all want the latest and greatest digital toys, and when it comes to our homes, we strive for that intelligent home of the future. But with all of the interconnected gadgets we install, are we inadvertently putting spies in our house? Do smart appliances have the ability to hear and see what we are doing?

Internet-connected home appliances are part of what is called the Internet of Things (IoT), and the answer to the above questions is YES!

What About That Assistant?

Products like Amazon Alexa and Echo, Apple’s Siri, and Google Assistant use ‘wake words’ to activate and get ready to respond. It was initially thought that your conversation was recorded ONLY after the wake word was said, but it was discovered that they are generally listening all of the time when turned on. Those recordings exist online. And, as we all know, if it’s online, it can be hacked!

So, the very devices we installed in our homes to help us can be turned into our biggest enemy.

Kitchen Devices Are Not Just Appliances Any More

While your refrigerator may be cool because it is accessible from your phone, registering it creates an attack avenue for cybercriminals. They can use it to access other devices in your home or as a bot for attacking other networks.

You say, “Who cares?” Well, it’s not that simple.

Your username and password combo could be compromised, leading hackers to find more information than you ever cared to reveal. They’ll use it as a conduit to find credit card information stored on linked accounts or passwords to your bank. Hackers are very capable of connecting seemingly unimportant pieces of data to find pathways into your wallet.

The Danger of Home Offices With The Internet Of Things

COVID-19 changed the workspace landscape. When the pandemic hit, there was a mad scramble by employees and business owners to set up home offices to continue doing business. It looks like, at least for now, many employees will remain home-based.

Why does this pose a problem?

First, many home setups are not secure. So businesses must treat home workers the same as they do corporate employees. That means setting up secure devices and home networks. IT professionals also need to consider IoT devices within the home:

  • Are they secure?
  • Have the passwords that came with these devices been changed?
  • Is Alexa listening and recording confidential company conversations?
  • Can a hacker exploit an unsecured IoT device and use it to penetrate the corporate network?

What To Do

  1. Any time an interconnected device is purchased and installed, the password must immediately be changed. Hackers have vast libraries of default passwords for common devices. Not changing the default password is a significant security issue.
  2. IT management needs to include home offices in their security assessments and install and manage enterprise-grade networking equipment and security.
  3. Homeworkers must adhere to all company policies and procedures, including password management, corporate equipment use, etc.
  4. Access to the corporate network from outside locations should only be allowed via a secure, company-approved VPN connection.
  5. Home office workers should not be allowed to access corporate systems through personal devices. The risk of spreading malware to company networks is too significant.
  6. Company files should ALWAYS be saved to the company’s servers where they can be protected. Employees should not be allowed to save files to their PCs.
  7. Make sure home workers are included in your cybersecurity training. Keep them sharp so they’ll recognize social engineering attacks, and in turn, keep themselves and your business safe.
  8. If you do not have your own IT department, sign up with a good Managed Services Provider (MSP) that includes advanced security services as part of their offerings.
  9. Businesses should have a Hybrid-cloud Business Continuity system installed to back up all data, giving them the ability to recover quickly in the event of a disaster. Stop fiddling around with data-only backup. There’s a reason why it’s cheap: it doesn’t allow for fast recovery.
  10. Organizations, even small-to-medium-sized businesses (SMBs), must up their cybersecurity posture. Traditional tools are no longer enough. All companies should employ a Managed Threat Response (MTR) solution that includes EDR, SIEM, and SOC components. Prices for security services are now within reach of most SMBs.

Conclusion

The business landscape has also changed to include the home, increasing the attack surface area, while COVID-19 opened additional pathways for cybercriminals to exploit. IT management must expand their security posture and make sure that home office environments are also protected.

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions. We provide Disaster Recovery as a Service (DRaaS), Backup as a Service (BaaS), Cloud Data Protection (CDP), and Managed I.T. Services (MSP). Call (845) 362-9675 for a free consultation.