How to Improve Your Office IoT Security and Prevent Cyber Threats

Office IoT is a rising trend that shows no signs of stopping. As the Internet of Things becomes increasingly popular in the consumer world, it’s no surprise that it’s taken a prominent new role in businesses as well. We’ve started seeing these wifi-enabled devices used on every level of business. From wireless sensors in industrial manufacturing settings to smart coffee pots, IoT security is more important than ever.

Offices that pride themselves on cutting-edge automation are switching to smart lights and thermostats, while offices that care about fast, convenient security are installing wireless security cameras capable of streaming their feed over a wifi network connection.

The vast majority of these gadgets have online dashboards specific to their manufacturer and mini-operating systems. But some offices are even going so far as to install smart home hubs. This way, colleagues can control office IoT devices with voice commands. This allows employees to take a step into the sci-fi future with fun commands like “Okay Google, start the coffee” or “Alexa, reorder Big Pizza Stack.”

We’re just starting to explore the number of useful and fun things to do with IoT at work. Unfortunately, it’s not all convenience and innovation. It’s all too easy to forget that an IoT device, no matter how mundane, is always connected to the internet.

The Looming Threat of IoT Hacks

The problem with IoT devices is that they are not inherently secure. In the majority of cases, they weren’t designed with security in mind because the devices are for entertainment or convenience. After all, who needs file protection on their smart fridge, coffee maker, or light bulbs? Since many devices target consumers and are not made for a specific industry purpose, security wasn’t an issue.

This approach, however, inherently misunderstands the nature of wifi networks and the risks involved in using them. It also underestimates the amount of network security consumers might need or the fact that businesses would inevitably start implementing some of the more useful options, along with individual employee or break room devices.

Why IoT is Insecure

But what exactly makes IoT devices so insecure? Part of the problem is that there are thousands of individual manufacturing companies making IoT devices with zero consistency between them. Each device you bring into the office is likely to have a different operating system. They’ll also likely have different security measures and a different online dashboard to operate them from. Some aren’t even capable of software updates.

Unlike the car industry, where manufacturers work together to unify safety features like seatbelts, tire pressure sensors and so on, the IoT manufacturers create a completely inconsistent landscape of devices to choose from. Then, if someone hacks a device, it’s entirely on you. The manufacturers take little to no responsibility.

Dealing with that many tiny operating systems and minimal security standards would make any IT security administrator’s head spin. While we know that hackers can and will hack vulnerable IoT devices to build botnets or gain access to company networks, most of the best solutions are clearly workarounds until the IoT industry solidifies enough to begin regulating security measures.

Securing Your Office IoT Devices

The key to securing the IoT devices currently in use in your workplace and any additional devices that find their way in later is to realize that there’s very little hope of securing one device at a time. Unless you have devices like security cameras or locks that were built to provide security, you’re vulnerable. Chances are that your IoT collection is open to unsecured web contact and certainly doesn’t come with encryption or firewalls. This means that if you or someone else in the office brought in an IoT device, it’s up to the business in question to provide the security.

While there’s no miracle cure for unsecured IoT yet, there are a number of techniques that can reduce the risks that come with these fun wifi devices. The first is to connect your IoT devices to the Microsoft Azure IoT suite, which gives each device a unique security token. This is something hackers can’t guess or infiltrate, which makes your IoT devices and hub more difficult to breach.

Change All Passwords

Many IoT devices come with a small amount of security. They require an admin username and password to make certain changes or access them through the online dashboard. However, a great many IoT device owners don’t change this password. Often, it’s because they don’t even realize the setting is there.

Hackers skimming for IoT devices try known default passwords like burglars try door handles to see if any are unlocked. If you haven’t changed the password, these opportunistic hackers feel practically invited to take control of your device.

In some cases, the first sign that your IoT device has been compromised may be your own inability to access the dashboard. This happens because hackers will change the password after gaining access through the unchanged default.

You should consider additional layers of password security where they are integrated into your IoT suite. Multi-factor authentication (MFA), for instance, offers a strong solution to the password cracking problem. You can also use certificates. While a hacked IoT device would still have the same certificate, you might be able to program your IoT devices to only respond to signals that come from a certificate-holding computer.

Make a Separate Wifi Network

There are a lot of things that can happen to a hacked IoT device. There is some malware out there that will simply brick it so that it never works again. And there are others that recruit wifi-enabled devices into DDoS botnets. But there are some hackers smart enough to attack IoT devices for the juicy data that lies behind them. You, no doubt, put a lot of effort into protecting your business network. But IoT devices are open endpoints that lead directly to the network they are wifi-connected to.

When a hacker gains control of one of your IoT devices, they can theoretically access everything beyond that point through the local wifi network connection. Therefore, the solution is surprisingly simple. All you have to do is build a completely separate wifi network. Don’t just split your current network. Take time to actually create an isolated smaller network just for the IoT.

This allows you to secure the IoT separately from your important business network. That means that even if a hacker gets through an IoT device onto the network behind it, they will not find much. The data left on your IoT devices would offer minimal value to someone seeking to engage in espionage or identity theft. It also keeps your network safe from malware that might otherwise spread through the IoT devices.

Try a Hub-and-Spoke Design

One configuration that has worked well for other admins has been a “hub-and-spoke” network design for clusters of IoT devices. Essentially, you need one router that will act as a gateway and hub for the IoT devices. The gateway gets a unique IP address and access to the open internet.

The IoT devices, however, get internal addresses instead. They can communicate with each other and the hub, but they cannot access the internet without permission from the hub. You can then control the flow of data and internet access through the hub itself. This could allow you to open only the ports used by the IoT devices’ dashboard programs, to block any or most incoming traffic that might try to access the devices themselves, and to customize your security measures based on the capabilities of the router hub rather than the limitations of the IoT operating systems.
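The hub policy described above can be written down and tested before it is translated into a router's own rule syntax. The following is an added example, not code from this post: the subnet, device addresses, ports and the `decide` and `audit` helpers are all assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the article).
IOT_NET = ipaddress.ip_network("10.50.0.0/24")   # internal spoke addresses, hub included
# Per-device outbound allowlist: only the ports each vendor dashboard needs.
ALLOWED_OUT = {
    "10.50.0.21": {("tcp", 443)},                 # thermostat: HTTPS only
    "10.50.0.22": {("tcp", 443), ("tcp", 8883)},  # sensor: HTTPS and MQTT over TLS
}

def decide(in_iface, src, dst, proto, dport):
    """Decide one NEW connection seen at the hub; default is drop.

    Replies to allowed connections are assumed to be handled by the
    router's connection tracking and are not modelled here.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if in_iface == "wan":
        return "drop"    # nothing from the internet may open a connection to a device
    if s not in IOT_NET:
        return "drop"    # IoT-side traffic must carry an internal source address
    if d in IOT_NET:
        return "allow"   # spokes may talk to each other and to the hub
    allowed = ALLOWED_OUT.get(str(s), set())
    return "allow" if (proto, dport) in allowed else "drop"

# Constructed test flows: (interface, source, destination, protocol, port)
SAMPLE_FLOWS = [
    ("iot", "10.50.0.21", "198.51.100.10", "tcp", 443),   # dashboard traffic
    ("iot", "10.50.0.21", "198.51.100.10", "tcp", 23),    # telnet out
    ("iot", "10.50.0.22", "10.50.0.1", "udp", 53),        # device to hub
    ("iot", "10.50.0.99", "198.51.100.10", "tcp", 443),   # device with no allowlist
    ("wan", "203.0.113.7", "10.50.0.21", "tcp", 80),      # inbound probe
]

def audit(flows):
    """Return the hub's verdict for each flow, in order."""
    return [decide(*f) for f in flows]

if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, audit(SAMPLE_FLOWS)):
        print(verdict, flow)
```

A device that is plugged in without an allowlist entry can still reach the hub and its neighbours, but gets no internet access until someone adds it deliberately.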

Limit Their Access to Sensitive Data

One risk of IoT is the fact that your devices pick up what’s considered private information. An IoT security camera, for instance, is a very risky thing to have open to the internet. Many businesses use a combination of smart sensors that might reveal sensitive data to hackers.

Depending on the IoT device, there are a number of data collections that might be risky to have hacked. When this happens, a hacker might not even need to break all the way into your business network to get information that is of use to them.

To prevent sensitive data loss through IoT hacks, limit the amount of sensitive data each IoT device can access. Also, be sure to clear stored data regularly to prevent treasure troves of data from piling up. An example might be ensuring that security cameras don’t point at monitor screens or bathroom doors.

Network Monitoring IoT Activity

If you have network monitoring software or an IT service that handles monitoring for your company, you should absolutely include your IoT devices in what you monitor. Many IoT devices may not have enough of an internal operating system to secure in the conventional ways. But every device will have a ‘normal’ pattern of behavior that is identifiable with network monitoring. When a monitored IoT device communicates over the network in an unusual way, it can be a clear sign of hacking. That’s your signal to cut off the device and enact a solution.
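As an added illustration of what a ‘normal’ pattern can look like in practice (this is example code, not part of the original post or of any monitoring product), the sketch below learns each device's usual destinations from flow records and flags anything outside them. The device names, hosts, byte counts and the `volume_factor` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records from a quiet period: (device, dst_host, dst_port, bytes_sent)
BASELINE_FLOWS = [
    ("coffee-maker", "api.vendor.example", 443, 1200),
    ("coffee-maker", "api.vendor.example", 443, 900),
    ("camera-lobby", "nvr.office.example", 554, 500000),
    ("camera-lobby", "nvr.office.example", 554, 520000),
]

# Constructed records from the period being checked.
NEW_FLOWS = [
    ("coffee-maker", "api.vendor.example", 443, 1000),     # matches the baseline
    ("coffee-maker", "203.0.113.9", 23, 300),              # never-seen host and port
    ("camera-lobby", "nvr.office.example", 554, 9000000),  # far more data than usual
    ("smart-plug", "api.vendor.example", 443, 200),        # device not in the baseline
]

def build_baseline(flows):
    """Learn each device's usual (host, port) peers and its largest transfer to each."""
    peers = defaultdict(set)
    max_bytes = defaultdict(int)
    for dev, host, port, nbytes in flows:
        peers[dev].add((host, port))
        key = (dev, host, port)
        max_bytes[key] = max(max_bytes[key], nbytes)
    return peers, max_bytes

def detect(flows, baseline, volume_factor=5):
    """Return (device, reason, host, port) for every flow that departs from the baseline."""
    peers, max_bytes = baseline
    alerts = []
    for dev, host, port, nbytes in flows:
        if dev not in peers:
            alerts.append((dev, "unknown-device", host, port))
        elif (host, port) not in peers[dev]:
            alerts.append((dev, "new-destination", host, port))
        elif nbytes > volume_factor * max_bytes[(dev, host, port)]:
            alerts.append((dev, "volume-spike", host, port))
    return alerts

if __name__ == "__main__":
    for alert in detect(NEW_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(alert)
```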

Prepare to Wipe and Restore at Any Time

Reaching the end of your IoT security preparations, it’s important to accept that your IoT devices are vulnerable. No matter how careful you are, assume that constant hacker innovations will find a way to get through your precautions.

Even Microsoft, a monolith of business technology and data security, has taken on the “assume breach” strategy. Azure IoT support can help you foresee potential breaches, secure your network, and detect breaches if they occur. If a breach does happen, you want to promptly get the device back under your control and further beef up your security.

The best way to do this is to prepare to ‘nuke’ the devices at any time. If there are any complex configurations that take some time to set up, back them up if possible. Additionally, prepare to reset any device back to factory settings at the drop of a hat. You might even want a quick button or program to cut off a hack in progress. With the device wiped and configuration backups available, simply restore, reconnect, and get back online within half an hour.

The Case for Greater IoT Security at Work

With IoT on the rise and smart home hubs coming to the office, you can expect to see more of these variably secure wifi devices at work. Fortunately, equipped with the right configuration and preparation measures, you should be able to keep the business network completely secure.
