In a Gartner report, 3 in 4 organizations surveyed planned on moving at least 5 percent of their workforce into permanent remote roles post-COVID-19-pandemic. 1 in 4 want to move 20 percent or more. While there are compelling benefits of remote work, there are substantial risks as well. Few are as formidable as vulnerabilities due to IoT devices.
3 in 4 organizations plan on moving at least 5 percent of their workforce into permanent remote roles post-pandemic
To work remotely, employees must connect to the enterprise. They will do that through a home Wi-Fi network that happens to host their IoT devices too. It is best practice to have your remote working employees connect to and through a different Wi-Fi network from IoT devices in their homes. Even the FBI recommends it.
Here are the reasons why.
1. Prone to Malware Infection
Home Wi-Fi networks do not enjoy the sophisticated, current, and strict cyber protection of enterprise networks. They are unlikely to deploy firewalls and may have the least expensive, most vulnerable, least patched and least supported routers and IoT devices. All or most of the devices on the network may be accessible over the public Internet. This makes them more prone to malware infection.
It is possible for such malware to jump from home IoT devices to the work computer and onto the enterprise network. Worse, some remote working employees use their own computers and not pre-hardened, company-issued ones. They are not under obligation to conform to a strong password policy. There is no one to check that random USB drives are not plugged into the work computer.
2. Easily Accessible Device Management Interfaces
The most destructive DDoS attacks in recent years rode on the vulnerability of everyday IoT devices such as digital cameras, microwaves, refrigerators, and electric kettles. Home IoT gadgets are less secure than their more conventional computing counterparts.
They have weak or default passwords that allow easy access to their management interfaces. Even your home router could have inadequate protection and inadvertently expose services that would otherwise be blocked by an enterprise firewall.
3. Minimal Human Intervention
One of the traits that distinguishes IoT devices from non-IoT like computers and smartphones is the little to no human intervention required for their operation. Such autonomy is an efficiency advantage but also one of the key drawbacks from a cybersecurity standpoint.
Since no one is actively checking the activity taking place on these devices, a breach may take weeks, months or years to discover. In the worst case, it may never be discovered, especially because a home network is not subject to the same scrutiny as a corporate network.
4. Numerous Entry Points
In the past, typical devices connected to the average household’s home network were a couple of computers, smartphones and/or printers. This already presents a formidable threat surface that bad actors could leverage in multiple ways to gain entry. IoT devices are multiplying potential points of entry several fold.
IoT devices are multiplying potential points of entry several fold
The number of IoT gadgets is rapidly dwarfing non-IoT devices connected to the Internet. From smart TVs and smart watches, to thermostats and light bulbs, attackers have multiple paths to choose from to infiltrate your home network. As long as the IoT devices are on the same network as the remote work computer, those threats can make their way into the corporate network.
5. Weaker Network and Privacy Protection
Your home network is likely not as protected from and monitored for dangerous or suspicious behavior by other users and devices on it. It’s bad enough that your IoT devices are not secured from infiltration and hijacking. This is further compounded by the absence of security alerts that let you know a breach has occurred or that there is an active threat on the prowl on your network.
There are also significant confidentiality and privacy concerns due to virtual assistants such as Google Home and Alexa. These assistants can pick up confidential business conversation an employee may engage in as part of their work.
When evaluating the risks of remote work, organizations tend to focus on the core topics of employee productivity, business continuity and the infrastructure needed to facilitate it. They however cannot afford to ignore the elevated cybersecurity risks that remote work comes with as staff move to an environment that is not under as stringent controls. Without applying appropriate security measures, the organization could be exposed to data breaches, system sabotage, account takeovers and fraud.
IoT devices represent one of the key weak points of the home Wi-Fi network. Requiring that employees move their IoT devices to a different network is an important step in lowering the risk.
If you are looking to better protect your remote workers from cyberattack including helping them move their home IoT devices to a different network, call or email us.