Avoid Falling Prey to Smart Device Vulnerabilities in the Office
Devices are getting smarter. Thermostats remember your temperature preferences, home security systems distinguish between friendly and suspicious visitors, and glucose monitors automatically dispense insulin to those with diabetes.
Smart devices are entering every part of our lives, including the office, where innovations such as tablets and voice-activated assistants are transforming the ways people work — but they may not be as smart as we think. To protect ourselves, individuals and businesses should be aware of four smart device vulnerabilities.
1. Security vs. convenience
IHS Markit forecasts that the Internet of Things (IoT) market will grow from 15.4 billion devices in 2015 to 75.4 billion in 2025. According to PwC, weak security protocols are the biggest threats to the industry.1 As devices get smarter, the number of vulnerabilities increases, and any device connected to the internet can be hacked. The more devices connected, the more entry points hackers have — making it harder to identify the location of a security breach.
At the DEF CON Hacking Conference in 2016, hackers crowded around the IoT Village to try their hands at breaking into smart devices, ranging from door locks and thermostats to wheelchairs and solar panel arrays. Network World reported they discovered vulnerabilities in 23 devices. Door locks could be bypassed, wheelchairs controlled, thermostats set to extreme temperatures, and solar arrays shut down or physically destroyed.
Sacrificing security precautions to save time and effort is human nature, but it leaves a smart device's vulnerabilities exposed. It's one thing to be vigilant about security with a single device, but what if your entire home is filled with smart devices? It's your responsibility to follow cybersecurity best practices.
Workplaces use vast amounts of energy to keep the lights on, power office technology and regulate temperatures. According to National Grid, “Energy represents about 19% of total expenditures for the typical office building,” equaling an annual average of $1.34 per square foot for electricity.
To reduce energy consumption and costs, offices have embraced the IoT. Thermostats are connected, smart meters help save electricity, and sensors shut off lighting, heating or air conditioning when rooms are empty. But connecting utilities to the internet makes them hackable.
Just a few years ago, GreenBiz reported on a hacker who took control of the lights, thermostats, TVs and window blinds in the rooms of a Chinese hotel after discovering a vulnerability in the mobile app that gave guests a little too much control. If your lighting system is vulnerable, your other systems are too.
IoT security is still in its early stages. To lock out smart device vulnerabilities, IT teams need to protect every device. Factor security features into your buying decisions, institute identity management for all devices, set up access controls and follow basic security best practices, such as regularly changing passwords and keeping software up-to-date.
3. Productivity and mobility
Today's workforce is highly mobile. According to research from Global Workplace Analytics, 50% of the U.S. workforce hold jobs that allow them to work remotely part of the time, and approximately 20–25% of the workforce teleworks somewhat frequently. These workplace trends mean mobile devices are essential for productivity, as people are increasingly using smartphones and tablets to work on the go.
But the surge of mobility raises questions about smart device vulnerabilities. According to the 2016 “BYOD & Mobile Security Report” from Crowd Research Partners, one in five organizations fell victim to a mobile security breach, and 39% of businesses cited security concerns as the number one inhibitor to Bring Your Own Device (BYOD) policies.
They're not wrong to be worried: In December, CNBC reported on malware called "Gooligan," which targeted Android operating systems when mobile device owners downloaded infected apps. The malware resulted in 1 million breached Google accounts and stolen information from Gmail, Google Docs, Google Drive and more.
To keep networks safe, businesses need to embrace mobile security best practices. According to Verizon Enterprise, many data breaches use legitimate user credentials with weak, default or stolen passwords.2 The lesson here? Authenticate your devices, choose complex passwords and change your user credentials regularly. Sure, these measures can be a hassle, but a password manager can help with that.
Printers are endpoints — a fact that often escapes users altogether. They're vulnerable to attacks, and they can even be more of a security issue because they're often overlooked. In a whitepaper from IDC, researchers found that 59% of companies ignore printers in their endpoint security strategy and don't consider printers or hard-copy documents as high-risk areas. Imagine a typical modern office where printers are often out of sight but are used to print sensitive documents. If breached, all that data is available to hackers.
Think that's fiction? Think again. According to Forbes, a teenage hacker in the United Kingdom, infamously known as "Stackoverflowin," created a program that accessed almost 150,000 global printers connected to the internet to point out a crucial security flaw in their design in mere hours. The affected printers began printing out messages directed at their owners, and all the owners could do was watch.
If your business is looking to address smart device vulnerabilities, begin by investing in new printers that have security features baked in and automatically monitor, detect, protect and even self-heal from attacks. For businesses that have limited IT resources, managed print services can be an effective way to maintain strong security and keep breaches at bay.
Smart devices are exciting opportunities for offices to become more productive and efficient, but your IT teams will need to prioritize device security before you can reap any benefits.