How many connected devices have you added to your household since March 2020? Be sure to count fitness trackers, speakers, gaming machines, and even your Tesla, if there’s one in your driveway. Were you one of the many people who waited months for a Peloton? Don’t neglect your new bike. Now add all your voice assistants, such as Google Home and Alexa. One more thing: don’t forget to check in your children’s rooms. These can make a difference to your employer’s IoT security.
During the pandemic, many people bought new connected devices for their personal entertainment and to make their daily lives easier. The Ordr report Rise of the Machines 2021: State of Connected Devices – IT, IoT, IoMT and OT found that there were twice as many personal devices this year as in 2020.
IoT security from home to work
These devices have an impact on cybersecurity. Yes, most companies have a policy that employees are not expected to connect personal Internet of Things (IoT) devices to the work network. But that doesn’t stop everyone. The Ordr report found that many businesses have unauthorized personal devices connected to their network (called phantom devices) at some point. These are not legitimate cases of bring your own device (BYOD), such as using your personal phone for work, but rather devices connected to the network for no business purpose. (BYOD security should be of concern to you as well, but it’s not exactly the same as these unintentional connections.)
Infoblox found that one-third of businesses in the US, UK, and Germany have more than 1,000 phantom devices connected to their network in a typical day. In addition, 12% of UK organizations report having more than 10,000 phantom devices every day.
What makes someone decide to connect their Peloton to their work network? And why aren’t organizations actively controlling this? It’s hard to know for sure. The line between work and home has blurred during the pandemic, which has lasted for nearly two years. It follows that some of the connections that endanger IoT security are mistakes. Others are probably on purpose. For example, users may want higher performance and higher network speed. I mean, who wants a frozen screen during a workout?
Performance and security of the corporate network
How does this situation affect the IoT security of the corporate network? Not surprisingly, increasing the number of devices requires more bandwidth, which affects network performance. It also exacerbates the existing problem of Zoom meetings taking up more bandwidth and causing network issues. The result is slower response times and delays in applications. A few seconds here and 10 seconds there seem small. However, the time lost by thousands of employees throughout the day quickly adds up to a significant loss of productivity. In addition, employees who feel they don’t have the tools to do their jobs well, such as a fast, reliable network, are likely to be less satisfied and engaged with their jobs and their employers.
Personal devices connected to corporate networks create security risks. In what way precisely? While organizations focus on IoT security for connected, business-related devices, they don’t take the same precautions with personal devices. After all, in most cases, they don’t even realize that the devices are connected to the network.
The Infoblox report details security issues caused by phantom devices, including data exfiltration, distributed denial of service (DDoS), botnet armies, and ransomware. While each type of attack is a little different, all have a common theme. Attacks start by breaking into a poorly secured IoT device. Most IoT devices designed for personal use do not meet corporate security requirements. In other cases, the user does not properly configure and secure the device.
Is the increase in cyber attacks since the start of the pandemic linked to phantom devices? Maybe, but it’s hard to say.
How to Mitigate Overload and Risks
Most organizations already have a policy prohibiting personal devices on the corporate network. Now companies must enforce these existing policies. If you don’t have a specific IoT security policy, now is a great time to write and deploy one. The phantom device problem will only grow from here on out.
Communicate the new policy or remind employees of the existing policy. This way people can (hopefully) disconnect their phantom devices from the network themselves. Make sure to include specific types of devices. Additionally, have everyone check all connected devices in their home to make sure none are mistakenly connected. You can increase compliance and reduce support calls by including instructions on how to verify connectivity of common devices.
Once everyone is aware of the policy, the next step is to gain visibility into all devices connected to the network. Many organizations use an on-premises IP Address Management System (IPAM) to facilitate this task. Once you know all the connected devices, you can determine which employees still have unauthorized devices connected to the network. You may need to verify the IP addresses. Then you can get in touch with these employees directly to remove these devices.
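As an added illustration of the visibility step described above (not code from any report or product mentioned here), the following Python sketch reconciles a lease export against an approved asset inventory and flags what is left over. The CSV columns, hostnames, addresses and the hint list are all assumptions constructed for the example.

```python
import csv
import io

# Constructed sample lease export; column names and values are assumptions for this example.
LEASES_CSV = """ip,mac,hostname,switch_port
10.20.4.17,00:1A:2B:3C:4D:5E,LT-FINANCE-042,sw3/12
10.20.4.88,5C:10:20:11:22:33,Google-Home-Mini,sw3/14
10.20.5.23,A6:91:0C:7F:00:19,,wifi-ap-07
10.20.5.61,F4:30:40:AA:BB:CC,peloton-bike,wifi-ap-02
10.20.6.10,00-1a-2b-99-88-77,PRN-FLOOR2,sw1/03
10.20.6.44,5C:10:20:44:55:66,DESKTOP-7QK,sw2/09
"""

# Constructed asset inventory of sanctioned devices, keyed by normalized MAC.
APPROVED_MACS = {"00:1a:2b:3c:4d:5e", "00:1a:2b:99:88:77"}

# Hostname fragments typical of consumer devices (illustrative, not exhaustive).
CONSUMER_HINTS = ("google-home", "alexa", "echo", "peloton", "fitbit", "xbox")

def normalize_mac(mac):
    """Lower-case, colon-separated form so inventory and lease formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomized(mac):
    """Locally administered bit set: usually a privacy (randomized) MAC."""
    return bool(int(mac[:2], 16) & 0x02)

def find_unapproved(leases_csv, approved):
    findings = []
    for row in csv.DictReader(io.StringIO(leases_csv)):
        mac = normalize_mac(row["mac"])
        if mac in approved:
            continue
        host = row["hostname"].lower()
        if any(h in host for h in CONSUMER_HINTS):
            reason = "consumer hostname"
        elif is_randomized(mac):
            reason = "randomized MAC, locate by switch port/AP"
        else:
            reason = "not in inventory"
        findings.append({"ip": row["ip"], "mac": mac, "where": row["switch_port"], "reason": reason})
    return findings

if __name__ == "__main__":
    for f in find_unapproved(LEASES_CSV, APPROVED_MACS):
        print(f"{f['ip']:<12} {f['mac']}  {f['where']:<10} {f['reason']}")
```

Devices with randomized MAC addresses cannot be matched to an inventory entry by address alone, which is why the switch port or access point is carried through to the finding.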
Make IoT Security a New Year’s Resolution
By continuing to monitor all connected devices and keep track of phantom devices, you can improve the performance and security of your network. However, addressing phantom devices is not a one-time event. You will still need to regularly monitor and track personal devices connected to the network. Lots of people get new connected devices for the holidays. So, consider sending another communication when employees return to work the following year. You should then keep a close watch on the devices during the first weeks of January. This way you can make sure that all employees have followed the instructions you provided.
It is unlikely that you will be able to remove all phantom devices from your network. However, all organizations can significantly reduce risk and impact through education, monitoring and tracking.