Is the Internet of Things the distributed workforce’s Trojan horse?
Our lives are more interconnected than ever, with everything from televisions to fridges, kettles, cars and even doors and windows now able to be linked together over the internet. Having long since moved on from being just an intriguing concept, the Internet of Things (IoT) is very much here to stay, with devices like Bluetooth headphones and the Amazon Alexa now omnipresent in many people's lives. But while these 'smart' devices are often convenient and fun, they do present a number of concerns regarding security.
We've all heard the stories about Alexa units' 'creepy laugh', and the seemingly endless bizarre ways smart devices have been hacked. However, with more and more of us now connecting to corporate networks from home, these quirky stories need to be taken seriously, and measures need to be taken to stop smart devices becoming major security risks. In one of our recent Cyber Security webinars in May 2020, we saw first-hand how easy it is for smart devices in the home to be hacked. The 'live hack' webinar saw one of our vendor experts hack into someone's home network through a smart kettle, demonstrating just how quickly hackers can access your Wi-Fi and even your corporate network. But that's just the tip of the iceberg.
The hidden dangers of smart devices
Consider the following:
- Most home routers have never had their passwords changed since they were purchased, which means they often represent a weak point in home networks that hackers can exploit, potentially using them as a backdoor to corporate networks.
- Smart televisions offer both voice recognition and inbuilt cameras, but as seen in the very public scandal over the security risks presented by some Samsung units, these can lead to a significant number of corporate security concerns.
- Amazon Alexa units are hardwired, which means they are always on. This is not an issue if they are switched off when not in use, but otherwise they are constantly gathering data from all conversations around them. If home workers are ever discussing sensitive subjects (mergers, for example) on conference calls, this may be inadvertently recorded by the unit – a serious breach of compliance. Recent updates have attempted to mitigate such risks by improving the voice recognition algorithms, but the risk remains.
- As demonstrated in our webinar, even the most seemingly innocuous smart devices – such as kettles, lightbulbs and white goods – can be used to access the home network and, in turn, the corporate network.
- Viruses and malware often work by infecting one device, then passing themselves on to others on the same network, without differentiating between personal and office computers. This means an office laptop sharing a network with personal devices runs the risk of passing an infection on to the corporate network. VPNs reduce this risk, but only while home workers stay connected to them. Even if a device was not connected to the corporate network when it became infected, the virus can still be passed on when it does eventually connect via VPN. This means that all members of a household must uphold the highest standard of security best practice at all times, which can be difficult to enforce for families with young children.
We are all aware that there are numerous practical things remote workers can do to secure their home offices, but this still leaves a margin for error that falls short of what compliance demands, particularly for organisations that handle sensitive data. It is clear that applying and enforcing company security policies for a fully distributed workforce may prove harder than initially thought.
The answer: Centralised monitoring and control
Applying corporate security policies directly at the home edge is far more effective and ensures the corporate network is protected. It also means that any external devices connected to the home network are properly separated, with bandwidth prioritisation given to business-critical apps. Executing this manually on an ongoing basis, however, would place a huge burden on internal IT teams, who have already been stretched by the response to COVID-19.
This was one of the primary drivers behind our SD-HOME solution, which helps optimise the performance of business-critical applications and ensure security policies are maintained by prioritising traffic intended for the corporate network using innovative software-defined technology. This is an ideal solution for anyone currently working from an IoT-powered household, as it ensures company policies are automatically applied to any devices connected to the corporate network, allowing IT teams to retain full control of what apps and websites can be safely accessed, while ensuring business-critical applications are always allocated the bandwidth they need for optimal performance. All this can be achieved without any additional demands on IT teams' time and resources, while leaving home workers' families free to keep enjoying their apps and home devices.