We live in an increasingly connected world. More devices–in more ways than we could have imagined even a few years ago–connect to the Internet. Some 5.5 million new devices are expected to go online daily in 2016, 30 percent more than in 2015. These gadgets include not only smartphones, but fitness trackers, keyless door locks, urban traffic monitors, washing machines, and cars.
This growing internet connectivity also presents more opportunities for cybersecurity breaches. Just as our world moves online, so do risks. A hacker in possession of a stranger’s personal smartphone could steal one person’s bank information — and also commit industrial espionage if that small phone also links to a larger workplace network. One entry into a cloud server could snag information from thousands of consumers — or offices.
Every office these days likely has at least one employee who wears a Fitbit or some other tracker that sends location and other information to a network. Even if you password-protect your building network, your employees might use their passwords to log in via their personal smartphones. These are all machines that your business does not protect, and from which it does not protect its network.
One recent study of IT professionals found that 73 percent of them expect to suffer a data breach tied to an employee’s connected device, and almost as many say the manufacturers of these devices don’t offer enough security protection. Does your company have a smartphone access policy? Do you know who is connecting? If you don’t, you could be opening yourself to major security breaches. Your employees could also open up opportunities for theft of your proprietary information from their phones.
Some firms increase their vulnerability by having employees use personal phones for work or by allowing work machines to become essentially the employee’s personal devices. This also blurs lines about what information gets locked down, and what could unintentionally–or intentionally–come under cyberattack.
Even light bulbs may come into play. Home-based services link smart bulbs to phones and laptops for control, such as dimming the lights for living room movie night. In an office, the same kind of service can control all utilities for cost-effectiveness. Building security can go online, instead of utilizing a traditional closed circuit system. Experts expect this workplace-based IoT market to grow rapidly this year.
Manufacturing firms have machines connected to the Internet that can signal staff about mechanical problems that could impact production. But how safe are the hardware and the software that connect those machines to a business network? Who are the installation techs who have access to your network, but possibly have not undergone as stringent a background check as your employees? Risk comes from human, hardware and software elements.
“Last year, a hacker took control of the thermostats, lights, TVs and window blinds in all 250-plus rooms of a hotel in Shenzhen, China, after discovering a vulnerability in the hotel’s ‘butler’ mobile application that allows guests to control these settings with their smartphones and tablets,” as Dell’s Power More publication notes.
Whether a hacker breaches a server through a company-owned desktop or via an employee smartphone doesn’t matter — what matters is the stolen information. This is bad for business, and it could also be illegal. Businesses that don’t take precautions to lock down their networks and intellectual property could be vulnerable to legal action. Companies with overseas ties are also subject to strict laws that protect data from abroad even if that information merely passes through a foreign server.
Banning IoT devices risks angering employees and, even worse, letting your business fall behind the times on technology. However, you can take steps to assess the risk your business faces from these devices, create company-wide usage policies, and educate everyone from the boardroom to the janitors, as well as outside vendors who might need access to your network.
This takes time and effort, of course. But better a little precaution now than a multimillion-dollar loss and lawsuits later.