Do Not Bring Connected Devices to Work Without Permission

Our lives are filled with an array of devices, from smartphones and tablets to smart speakers, connected appliances, fitness trackers and more. These devices make it easy for us to perform a wide range of tasks, but they also create significant security risks.

Smartphones and tablets have security features that protect them from attack if they are kept up to date. However, Internet of Things (IoT) devices typically do not meet stringent security standards. Often, they have limited memory and processing power, making it difficult or impossible to install security controls. Users seldom apply patches and updates, if manufacturers even issue them.

IoT devices are easily discoverable on the network, making them highly vulnerable to cyberattack. Hackers can use IoT devices to gain access to the network and from there introduce malware, steal data, and compromise systems.

Employees should not bring these devices to work without permission from the IT department. If the IT team does not know about these devices, they cannot take steps to secure them.

To protect yourself at home, follow these best practices:

  • Change the default username and password on every device. Give each device a unique name and a strong password that is difficult to detect. Do not reuse passwords — hackers often use passwords stolen from data breaches in brute force attacks.

  • Use two-factor authentication if the device offers it. Some devices will send a code to your smartphone for additional authentication.

  • Take advantage of any security features available on the device. For example, set the device to lock after a certain number of password attempts, and use encryption if it is available.

  • Check the privacy settings. Make sure your smart TVs, security cameras and voice assistants are not snooping on you and sending video and data to the manufacturer.

  • Keep your device up to date. Visit the manufacturer’s website to find out if there are any updates to the firmware. If you access your device through an app on your phone, always use the latest version of the app.

  • Make sure your router is secure. Change the default username and password, enable encryption, use the strongest available wireless security, and keep the hardware and software up to date.

  • Disconnect devices you do not use, particularly older devices that may be out of date.

  • Disable unused features on connected devices.

BlogJack CohlmiaConnected Devices, Network Security, Business Security