Many companies across the world are investing in better cybersecurity. They’re securing computers and email, choosing secure software, and backing up data to the cloud. There is, however, one area that’s often overlooked in cybersecurity: Internet-of-Things (IoT) devices.
While IoT devices improve productivity and quality of life in the workplace, they can also act as a gateway for cybercriminals. When these devices are compromised, hackers could gain access to your entire network. Here are some of the most overlooked devices to protect in your office.
1. IP Security Cameras
Security cameras are, ironically, a big target for cybercriminals. When these devices are compromised, hackers can see live or saved video feeds- whether inside or outside your office. According to GDPR Report, Internet Protocol (IP) cameras are the most vulnerable to cyberattacks. Nearly half of all attacks on IoT devices are on IP cameras. Inexpensive IP camera models are often vulnerable and used to facilitate distributed denial of service (DDoS) attacks. These attacks flood a targeted victim with traffic from hundreds or thousands of cameras until the service is overwhelmed and no longer accessible.
Thankfully, it is easy enough to mitigate this major risk in two ways. First, by purchasing a more reputable brand that addresses security vulnerabilities, and second, by keeping the software on the camera up-to-date.
2. Access Control
This might go without saying, but having IoT locks at your office can be a risk as well. A hacker can gain access to these locks and operate them remotely. Under the right circumstances, a hacker can lock you in or out of the office. It is also possible for them to gain physical entry by disabling the locks remotely. This can lead to the theft of important office equipment or data.
To mitigate the risk to your devices, use a secure VPN for remote management and do not allow your devices to be accessed directly from the internet. Also, ensure they are kept up-to-date and protected by complex and/or long passwords.
HVAC systems can also be a target for hackers. If your HVAC system is compromised, there is a real threat of physical damage. For example, a hacker could overheat the office or shut off the heat in the winter causing pipes to burst. All with the intent to cause physical damage, shut down operations, or worse.
A few years ago, the department store chain Target was breached through their IoT HVAC systems. Hackers were able to access and use stored credentials to gain access to Target’s payment systems. It’s important to secure all login credentials to stay safe. If you’re using a third-party provider, make sure to separate network access between critical IT systems, guests, and IoT.
4. Smart TVs
Smart TVs are among the most common IoT devices in the world. Many offices have Smart TVs set up to stream content. Certain models of Smart TV also have built-in cameras. As useful as they are, Smart TVs can be used to spy, display inappropriate content, or jump to other more critical devices on your network if they are vulnerable.
The best way to keep your Smart TV safe is to keep it up-to-date. Consider activating automatic updates if the TV supports them.
Another vulnerable device could be the printer. Printers often operate with old and vulnerable software. Furthermore, printers often store sensitive credentials that permit access to send e-mail or store files on your server. Hackers can steal this information and use it to access your servers or other equipment.
Keep your printers up-to-date and replace them when the vendor classifies them as End-Of-Life and no longer releases security patches.
6. Wireless Equipment
One of the most common high-risk devices in an office environment is wireless technology. If the equipment is vulnerable or set up incorrectly, wireless can be used to access your entire network from nearby.
Always keep your wireless equipment up-to-date and ensure you use complex passwords- something that is at least 12 characters long. You should also change your wireless password every 6-months and ensure guests are given a restricted network that does not have access to your critical systems.
Every digital tool in your office- every IoT device- can be a target. Here are the golden rules for managing your risk:
- Keep devices up-to-date (1-3 months)
- Where supported, turn on automatic updates
- Use multi-factor authentication to log in to your devices
- Stick to reputable brands that are known for longevity and promoting security
- Use strong passwords with at least 12 characters in length
- Do not reuse passwords, use a unique password for everything
- Do not expose your equipment to the internet (do not use port-forwarding)
- Set up a separate network for different services which prevent them from talking to each other
- Replace equipment when the vendor classifies them as EOL (end of life)
All of these security measures will help you keep your office IoT devices safe.