The pandemic and subsequent lockdown have dramatically increased the number of employees around the world working from home. For many organizations, this has involved the purchase and deployment of new laptops and mobile devices, changes in remote-work security policies, and adoption of new security technologies. The growth in remote work is compounded by another global trend: the rise of internet-of-things (IoT) devices at home and at work. In fact, 1 trillion IoT devices are expected by 2025, and most security teams have zero visibility into them. As consumer IoT devices increasingly share the same network as corporate devices, consumer IoT devices effectively expand the organization’s attack surface and exacerbate this growing blind spot.
Unfortunately, many IoT devices are released with serious security vulnerabilities and can be compromised easily. Without a federally enforced standard governing the security of consumer IoT devices in the US, device manufacturers have been permitted to prioritize time-to-market above security. This lack of regulation has allowed systemic issues like insecure admin interfaces, poor authentication schemes, and firmware vulnerabilities to persist across brands and types of devices. Once a smart device is hacked, the opportunities for a malicious actor to move laterally to enterprise assets or steal employee credentials greatly increases. Until meaningful legislation is passed, enterprises in the US will be entirely responsible for protecting their assets and devices from the risks associated with sharing a network with IoT devices.
While businesses may not be able to dictate what devices employees are allowed to keep on their home networks, there are still many options available to IT departments to protect company assets. Endpoint security suites provide tools to monitor any malicious IoT device traffic and can isolate device-level risk by focusing on app and data security on personally owned devices used on the home network. Employee training can educate employees on the security benefits of turning off smart speakers during company calls or how to segment their home network to separate IoT devices from company assets.
Want to learn more about how to keep your corporate assets safe in a remote work setting? Be sure to register for Forrester’s Security & Risk Global, a live, virtual event on September 22–23, 2020, where I will be presenting a session entitled, “Connected Homes Are Leaving The Doors Open To Enterprise Data Theft.”