It is the final week of Cybersecurity Awareness Month (CAM). This month we’ve focused on the security of connected devices at home, at work, and specifically in healthcare environments. This week the official CAM topic is the future of connected devices. In this blog, we’ll take a look at some of the things you should consider about the Internet of Things (IoT) and smart devices.
Connectivity is expanding and getting cheaper
Convenience and efficiency have driven the growth of IoT for the past several years. In our homes, it’s Alexa or a similar system that helps us control our appliances. In our cities, it’s a municipal network that helps manage utilities and public transit. Educational and healthcare organizations have campus-wide deployments that connect security systems, medical devices, student data, and more across multiple buildings that may be miles apart. Connectivity is everywhere because it’s necessary and expected.
Devices in your home
Smart home devices are more accessible and varied than they’ve ever been. Refrigerators, thermostats, faucets, teddy bears, scales … you name it, and there is probably an internet-capable version of it. These items can make life more comfortable, but every connected device is a doorway into your home network. Like any physical door in your house, you can make sure it’s locked if you know that it’s there. But unlike a physical door, your device may need updates and reconfiguration from time-to-time. If you aren’t managing the state of your devices, you can’t be sure that your network is secure.
Many people use their home networks primarily for entertainment and personal internet and email use. Even thought this is casual personal use, security still matters because:
- Malware and ransomware can steal information from your computer and destroy photographs and other files that cannot be replaced.
- An attacker can scan your network for information about your home in order to broaden the attack.
- A compromised internet-connected toy or baby monitor could be used to watch or harass your family.
- Your devices could be added to a botnet and used to attack other entities.
- Your computer could be used as a storage/sharing device for stolen or illegal files.
And all of this malicious activity will use your internet connection, sometimes bringing your bandwidth to a crawl. Securing your home IoT devices helps protect you and others from cybercrime.
Devices in your business
Smart devices in the office can be hard for IT teams to manage if there’s no central approval process in place. For example:
- An HR department installs a consumer-grade printer/scanner in a private office so that sensitive documents are not sent to a shared printer.
- The office buys a smart coffee maker that can be controlled with an app on a phone.
- A project team installs a smart TV in a shared working space.
- The maintenance team installs sensors or controls that allow them to monitor and adjust conditions in the building.
Activities like this can be done without the IT team’s knowledge if the employees know how to connect devices to the network. And this activity excludes fitness trackers and other personal items that stay with the employee rather than the building.
These unmanaged devices are in a category of risk called “rogue IT.” In the absence of proper management by the IT department, devices like this can introduce malware to the network, eat up DHCP addresses, or consume enough bandwidth to interfere with the business operations. Managing the risks associated with rogue IT should be considered just as important as managing any approved IoT, such as industrial and logistical controls.
IoT considerations for home and business
The future of connected devices is about your relationship with the Internet of Things or other smart devices that can be electronically hijacked. That’s good news because it puts you in control of how these devices fit into your home or office, as long as you have a plan.
Does it need to be connected?
Smart devices are cool. It’s convenient to have the refrigerator assist you with a grocery list and other appliances you control with your phone. It’s up to you (or your office decision-makers) whether the benefit exceeds the risk of adding that extra “IoT door” to your network.
Can it be secured?
Many smart devices can only be secured with login credentials to the app or cloud service that is used to manage the device. This is fine if it allows you to update software and turn off unnecessary services, but apps that just allow you to control the features of the device may leave your network exposed. Every connected device runs on some kind of operating system and communicates through some kind of port. Are you able to access this level of control on the device?
Can your network firewall help?
It’s easier than it’s ever been to deploy a secure firewall configuration, but many homes and offices do not take advantage of VLANs, guest networks, and other features that can isolate critical systems from IoT. If you plan to have IoT devices on your network, consider segmenting the network in a way that protects your most valuable data and devices (like that baby monitor or security system) from the coffee maker or any personal devices and rogue IT brought into the network.
Will it be supported long-term?
When you invest in smart devices and connected equipment, you usually want it to last as long as possible. You may not know what the future holds for the manufacturer or reseller of that equipment, but you should research the reputation of the brand you are buying. Ultimately, you would like to know that the software will be supported throughout the life of the device.
IoT and connected devices can be embraced as long as owners understand the risks and add the devices to their overall digital privacy/security strategy.
About Cybersecurity Awareness Month
October is Cybersecurity Awareness Month (CAM), formerly known as National Cyber Security Awareness Month (NCSAM) in the U.S. Each week of October has had a specific topic that falls within a theme. This year the theme for CAM is “Do Your Part. #BeCyberSmart,” and the weekly themes are:
- Week 1: If you connect it, protect it
- Week 2: Securing devices at home and at work
- Week 3: Securing internet-connected devices in healthcare
- Week 4: The future of connected devices
The key outcome for the month is for people to understand the risks of online connectivity and learn how to minimize those risks through better security practices.
Barracuda can help you secure your internet-connected devices and operational technology. Visit our website at www.barracuda.com/iot.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.
Connect with Christine on LinkedIn here.