Editor’s Note: A version of this article previously appeared on CapinCrouse’s website. It has been reprinted here with permission.
October is National Cybersecurity Awareness Month. The national nonprofit accounting and consulting firm CapinCrouse is providing information and tips to help you increase your cybersecurity awareness and reduce the cyber risk for yourself and your organization.
SMART DEVICES IN THE HOME AND OFFICE
Last week, the Department of Homeland Security focused on Cybersecurity at Home. And one of the fastest-growing cybersecurity risks in the home can also be a big risk in the office: Internet of Things (IoT) devices.
These are “smart” devices that communicate on the Internet. There’s been explosive growth in the number of IoT devices available, from thermostats, security cameras, and wireless printers to smart speakers like Google Home.
What’s the risk?
- Users tend to “set it and forget it,” which means IoT devices are often overlooked as a cybersecurity risk. Watch as a 12-year-old demonstrates how IoT devices can be hacked.
- Many of these devices can’t be patched.
- Hackers can use IoT devices to:
  - Gain access to your organization’s network and other devices on it, and
  - Take over devices like security cameras and webcams to monitor activity or use them in malicious acts such as DDoS attacks.
How to reduce your risk
- Keep IoT devices on separate, secure networks and make sure your router is secure.
- Create an inventory of each IoT device connected to your organization’s network, then assess and secure each one:
  - How does it connect to the Internet?
  - Can it be disconnected when it’s not in use?
  - Have default usernames and passwords been changed (if possible)?
  - What information does it collect? How is the data stored and transmitted? Can you opt out?
  - Does the manufacturer make firmware and software updates available?
- Create policies for IoT device use in your organization.
- Have a plan for installing security patches and software updates.
- Have your IT department configure network firewalls to block unauthorized IP addresses and disable port forwarding.
- Watch for any unusual network activity.
- Purchase IoT devices from reputable manufacturers that provide strong security.
- Develop a strategy for disposing of IoT devices that can no longer be updated or patched.