You took precautions setting up your employees’ work devices to keep them secure, didn’t you? So now they – and your company data – are safe and secure on your employees’ home networks, right? Maybe not, because of their home IoT devices.
What is IoT?
The Internet of Things (or IoT for short) is all those “smart devices” that have been taking homes by storm over the past decade. You know the things: lights that are voice activated, your video doorbell, the thermostat you can control from your phone, and the list goes on. These IoT devices have become very popular in the past handful of years, with 12.2% of homes using smart devices worldwide.
In fact, the average home has over 10 electronic devices in it, with half of those being IoT. It seems like practically everything I buy is Alexa or Google Home enabled these days.
Then Work from Home Factors In
An equal rise in popularity over the past few years has been remote and hybrid working. We all know it. The pandemic threw everything upside down, and the resulting solutions included some form of working from home. As things settled down, there was no return to normal. There was a new normal, and it included remote work.
With working from home being commonplace, security of devices at home has stepped up. Now it’s easy to assign a laptop or workstation to an employee and manage it. But what about their network?
Those secure devices are sharing a network with less secure devices. That is potentially very dangerous.
IoT isn’t secure?
Simply put, not really. Don’t get me wrong, they do enforce some security, but it just isn’t at the high standard it should be. They use basic interfaces that don’t show whether a device has been breached, they lack antivirus or anti-malware capabilities, they don’t get updated often (if at all), and default logins often don’t get changed. That makes IoT devices the low-hanging fruit for security breaches.
I mean, nobody really wants to hack your thermostat to see what temperature you think is comfortable. So why does that need to be ultra-secure? Technically it doesn’t.
Here’s the thing, though: what if they hack your thermostat to gain entry to your network, then move over to other devices on that same network – maybe a more interesting device like your PC or phone? That’s what we call lateral movement, and it is #2 on our 3 Mistakes Your Company is Probably Making list.
That’s where the payoff is, and why IoT breaches are exponentially on the rise. Cyber security company Kaspersky reported 1.51 billion breaches of IoT devices in the first six months of 2021.
IoT devices are an easy way in to your computer
Our devices are constantly communicating on our networks with other devices and technologies with the purpose of making our lives easier and more efficient. That continual data flow needs to be protected, and it isn’t always protected with the best security protocols.
So how do I protect my (and my company’s) devices and data?
For home users (and as best practices for businesses to recommend to their employees), start with some standard security settings.
- Change the default name of your router and its login.
- Give your Wi-Fi network a strong password using uppercase, lowercase, numbers, and special characters.
- As an added bonus, hide (do not broadcast) your network SSID.
The easiest solution…
The biggest takeaway from this article is this one simple trick: separate your IoT devices from your normal network.
A separate network means that your IoT devices can’t automatically connect to and communicate with your main network. If any of your IoT devices gets breached, the separation prevents the hacker from moving over to your PC and smartphone, which are on your normal network.
This is our standard procedure for networks we implement here at Xentric. We do all sorts of fancy things with VLANs and physical cabling to keep branches of data (be it computers, phones, IoT) all separate. Unfortunately, home equipment is not really designed to work on that level.
But it can still be easy. Like, stupid simple easy…just use your guest network.
Set up your guest network
Every home router has the ability to create a guest network these days. You know, for when you have guests over, they don’t have to access your entire network, they just want to get some internet access. The guest network allows this.
Therefore, if you put all of your IoT devices on the guest network, they still have internet access so they can function, but they lose the ability to see any other devices on your network because they are on a completely different network. Here’s the brilliant part: if you need to access your IoT devices via an app on your phone, you can. Your main network can “talk down” to the guest network, but the guest network can’t “talk upward” to the main network.
Now if a hacker breaches one of your IoT devices, they are stuck. They can’t see any other devices to move to because everything else is on a separate network. This means personal data like banking details and confidential business data are all safe.
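One way to confirm that the guest network really cannot “talk upward”, as an added example that is not part of the original article: run this from a laptop joined to the guest network and pass it the IP addresses of your own main-network devices. The port list and the function names are assumptions chosen for illustration.

```python
import socket
import sys

# Assumed list: ports commonly open on home PCs, NAS boxes and router admin pages.
DEFAULT_PORTS = (22, 80, 443, 445, 3389)


def probe(host, port, timeout=1.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # full handshake: the guest side can reach this service
    except ConnectionRefusedError:
        return "refused"         # something answered: the host or a rejecting firewall
    except OSError:
        return "filtered"        # timeout or no route: consistent with isolation


def check_isolation(main_hosts, ports=DEFAULT_PORTS, timeout=1.0, probe_fn=probe):
    """Run from a device on the guest network against your own main-network hosts.

    Returns (isolated, findings); findings lists every (host, port, state) that
    produced an answer. Only an all-'filtered' result counts as isolated, so a
    'refused' entry should be reviewed by hand.
    """
    findings = []
    for host in main_hosts:
        for port in ports:
            state = probe_fn(host, port, timeout)
            if state != "filtered":
                findings.append((host, port, state))
    return (not findings, findings)


def main(argv):
    hosts = argv[1:]             # e.g. the LAN addresses of your work laptop and NAS
    if not hosts:
        print("usage: check_isolation.py <main-network-ip> [...]")
        return
    isolated, findings = check_isolation(hosts)
    for host, port, state in findings:
        print(f"{host}:{port} {state}")
    print("nothing answered: guest network looks isolated" if isolated
          else "something answered: review the entries above")


if __name__ == "__main__":
    main(sys.argv)
```

An “open” result means a device on the guest network completed a connection to a main-network service, so the router’s guest isolation setting is not doing what this section describes and should be checked.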
If you need help setting it all up, or need a review of your business (and remote worker) security, let us know.