How to protect your office against IoT devices

With the Internet of Things (IoT) market growing at an accelerated rate – research analyst Gartner predicted there will be 26 billion units by 2020 – hackers have an increasingly expanded surface area with which to target businesses. This means that protecting company intellectual property (IP), customer data and operational infrastructures in line with innovation is more urgent than ever before.

The gains to be made in terms of productivity and flexibility from a connected office and suite of smart devices working in harmony are huge and well documented. But like many things in the IoT age, it is not without its risks. The more connected you make your devices, the more risk and reward you expose yourself to. But this shouldn’t stand in the way of progress!

Impacts for not prioritising cyber security challenges

Cyber security is a fundamental enabler of the IoT in the office and if it is not prioritised, the business opportunity will be undermined because as soon as a potential hacker is on one part of your network through a connected device, access to the rest of it can be frighteningly easy.

Recent history teaches us how damaging underestimating this threat can be. FedEx has estimated that its recent NotPetya ransomware outbreak (made possible due to a known Windows vulnerability, EternalBlue) cost it $300m in lost business and clean-up costs.

But while information security management has tended to focus on computers and online processes, it’s important to note that valuable information lives everywhere in the modern office. The place where staff interact with documents and systems is the most permeable area of enterprise security. For example, unless appropriately managed, connected office equipment like printers can represent some of the easiest targets in many modern offices and are increasingly being recognised as critical weak spots in enterprise security.

Smart IT means smart security on IoT connected devices

Smart IT departments look at user needs and solutions that balance tech freedom with robust security. Security shouldn’t be about preventing people from working, but instead enabling them to work in the way they operate best, without putting the enterprise at risk.

To this end, IT security isn’t simply the priority of the CISO or IT department, it is a priority for all, from the CEO through to the most junior member of staff.

To enable smart security, organisations have a responsibility to ensure all devices (including office IoT) and users are authenticated. IoT network security protection should also extend to segmenting the network appropriately rather than just mixing office IoT into the general network. Recently, a casino was hacked when the IoT fish tank was hacked leading to financial loss for the business concerned. Proper network segmentation may have prevented or made this attack less viable. Care must also be taken to ensure that the introduction and provisioning new office IoT follows the expected processes. It’s often too easy for users to deploy without proper thought for security, leading to some of the examples here.

IoT and mobile working brings with it many benefits in terms of productivity, the flow of information and flexibility. However, that should not come at the cost of security.