You probably have heard of the Internet of Things. But do you know what it means? It describes the network of physical objects that are connected with other devices and systems over the internet. Your home is probably full of them. And you are probably working, at least some of the time, from home. Here are some examples: light bulbs, smart appliances, cars, thermostats, and speakers The list goes on. But why does that matter?
A Plethora of Devices Equals a Plethora of Danger for Your Data
This year’s theme for National Cybersecurity Awareness Month was “Do Your Part.” We were encouraged to own our role in protecting our part of cyberspace. We did our part during the month of October with blogs regarding various cyber threads. You can read about creating strong passwords. And here’s our blog about the recent ransomware statistics. We talked about how hackers have used COVID-19 to their advantage. And we finished the month by describing how to be more cyber aware. But in that last blog, we realized that we should dive a little deeper into how the Internet of Things (IoT) really does open you up to cybersecurity threats. So let’s take a look at IoT danger and the unexpected security issues that can create for your business.
Internet of Things Devices Create Security Risks
The proliferation of IoT devices has brought much of that automated convenience that we were all hoping for in the future into our homes every day. It’s great to not have to get up to turn off the lights. We can remotely feed the cat and set our thermometers. We can see who’s at the door even if we aren’t home. Our devices enable us to do less grunt work, giving us more time for other things.
But those conveniences come at a price. Every one of your IoT devices is plugged into your home internet, which is generally far less secure than an in-office network would be. When your staffers are working from home and connecting to your company’s online infrastructure, those smart plugs and digital assistants are connected to your network too, creating risks like unexpected password compromise that you may not have accounted for in your cybersecurity plan.
Specific Examples of IoT devices that have caused unexpected cybersecurity issues:
- Fitbit had vulnerabilities that allowed spyware to get through.
- Ring video doorbell apps were sending Personal Identifiable Information (PII) to outside companies.
- Pet and baby monitor cameras are notoriously prone to hacks.
- Digital toys are also digital risks.
- Solar panels open up home WiFi vulnerabilities.
- Your employees’ unpatched or aged routers can open you up to risk.
- Smart TVs can be rife with malware.
- Hackers are using and abusing smart vacuum cameras.
- Even your coffeemaker can be infected with ransomware.
- Digital home assistants can assist cybercriminals too.
If some of these scenarios sound wild, we’re glad to send you the links to the stories. IoT devices are becoming an increasingly common part of your staff’s workday, and they can create unexpected cybersecurity pitfalls even if they’re using them at home while they work remotely. That’s bad news for your company’s security. On the other hand, it’s good news for cybercriminals who are looking for an opening to slip through.
Mitigate the 3 Biggest Sources of Danger in 3 Easy Steps
Password Reuse Pitfalls
One major risk factor with your staff’s IoT devices is password reuse and recycling. If your staffers are using the same password for their smartwatch app and their business email app, that can create danger for your business. Password reuse is an unfortunate fact of life – in a recent survey 91% of respondents claim to understand the risks of reusing passwords across multiple accounts, but 59% admitted to doing it anyway. It’s also dangerous for your business, as password dumps expose you to additional risk.
Multifactor authentication (MFA) adds a crucial layer of protection between a stolen or compromised password and your data and systems. If cybercriminals try to force their way into your systems with one of those reused passwords, MFA prevents it from opening the door to your systems and data.
Credential Theft Nightmares
Password reuse doesn’t just put your business in danger temporarily. Huge dumps of stolen passwords are all over the Dark Web, and more get added every day. These data dumps are cheap, or free, and they rarely ever go away. So what if your staffer is trying to outfox cybercriminals by recycling a favored password that they haven’t used in years, or creating passwords in an iterated pattern that’s easy to discern if you know enough about them?
Be sure that your employee credentials haven’t been compromised, especially for privileged executive or administrator accounts. If you’re a New Orleans area business owner, we are happy to run a free Dark Web scan on your domain. Just call at 504-301-1094 us or fill this out.
Spear Phishing Traps
Phishing is today’s biggest security problem. Spear phishing is a major category of that highly successful vector of attack. Dark Web data dumps contain more than just passwords. They’re also full of all sorts of information about people and businesses, including PII and sensitive company information. IoT devices are constantly adding to this cybercriminal treasure trove. That’s because millions of consumers fill in detailed information about themselves and their home internet connection. And that information isn’t always stored securely.
Your staff needs to be ready for cybercriminal tricks, especially since phishing is up more than 600% over 2019. Regularly updated security awareness training can help lower the chance of one of your staffers falling for a phishing attack. Companies that engage in security awareness training including phishing resistance have up to 70% fewer cybersecurity incidents.
Internet of Things Risks Will Only Keep Growing
A recent study tells the tale of today’s IoT risks and the expected IoT future risk forecast. 70% of companies polled said they used IoT devices or their staffers did at home or at work. And IT teams were aware of successful or attempted hacks into company systems through those IoT devices. And that’s bad for your business. It’s expected that there will be 28.5 billion connected devices in the world by 2022.
In another survey, 56% of IT professionals said that they expect an IoT-originated attack on their company with the next 12 months. That’s why it’s essential that you don’t wait any longer to assess the necessary security solutions to mitigate IoT cybersecurity risks. Data breach risks have never been higher. No company can afford to shell out for a repair and recovery operation right now.
Contact us to see how we can put our solutions to work securing your business against IoT dangers and other risks today. 504-301-1094