The final week of National Cybersecurity Awareness Month (NCSAM) ends an already spectacular month with a bang: a dive into the future of connected devices. This week, we take a look at the recommended remediation strategies for IoT devices present on a teleworker’s home network.
2020 has certainly been a year that has tested our ever-encroaching state of hyper-connectivity to an extent that has not been seen before. With many employees working from home, most of whom are connecting to their own personal networks with employer-furnished devices, one question should be at the forefront of everyone’s mind: What kind of risk does this introduce? Although that is quite a large question, there are a few things that can be done to mitigate the risk, specifically regarding IoT devices.
It’s no secret that IoT (Internet of Things) devices are typically insecure. In fact, it is widely accepted that security is not integral to the development process for many of these devices. Many of them are simply not ready to be internet facing, at least from a security point of view. This, along with the fact that we live in an age where your refrigerator, TV, and wristwatch might need an IP address, adds up to a single point: home networks with IoT devices are likely ever-expanding attack surfaces that would make a bad guy in a hacker hoodie throw up his fingerless-gloved hands in celebration as he reads through vulnerability scan results. Throw a company laptop into the mix, and I think that you can see the downhill spiral.
What can I or my employees do?
- Keep your devices up to date with the latest software and/or firmware updates.
  - Patching is important! Check for updates periodically and enable automatic updates if possible.
- Change the default password if applicable. The default password on ANY device should always be changed. All it takes is a simple Google search for your adversary and, if the default password is still correct, that device is compromised.
  - Passwords should be strong and complex. No, the one that you’ve used for the last 3 years doesn’t count. Make it stronger.
- Consider putting IoT devices on a separate network if possible.
  - Strong passwords still apply here. Seriously, change your password. It’s been 3 years.
- Research security flaws before you buy.
  - Remember the last article you saw that mentioned X product has Y critical vulnerability? Yeah, don’t buy that one.
- Haven’t used it in a while? Take it off the network!
  - That internet-enabled toaster that you got as a gag gift last Christmas and haven’t used once? Consider taking it offline. You probably won’t miss it, and your security posture will thank you.
IoT devices are certainly the future of interconnectivity. However, because capability sprinted ahead of security in the rush to build them, there is plenty to consider when incorporating them into your home network.