You probably never expected to see a Peloton bike on your corporate network, nor a Tesla. Maybe a rogue fitness tracker here or there, but definitely not a Google Home. In post-pandemic networking, managing internet of things (IoT) security has become a maze of company-owned devices mixed with personal tools like gaming machines, speakers, and Alexa.
A new report by Ordr, entitled Rise of the Machine 2021: State of Connected Devices, sums up the situation with a stunning statistic: there are twice as many personal devices this year when compared with 2020.
It’s no surprise that consumers were becoming more connected digitally as their in-person options were severely limited. But that purchasing surge has also had an important impact on cyber security as unauthorized devices make their way onto the company network. Most companies have policies that prevent personal IoT devices from accessing the network. But they aren’t foolproof.
These problems aren’t referring to legitimate personal devices accessing the corporate network, such as through a bring your own device (BYOD) program. These are devices that have no legitimate business purpose connected to business networks.
Infoblox discovered that a third of companies responding from the U.S., Germany, and the UK have over 1,000 shadow devices accessing their network on any given day. Among UK respondents, 12% said that they could have more than 10,000 unauthorized devices on their networks on any given day.
You may wonder why a person setting up a new device at home would choose to add it to the company network, but it’s hard to know. Maybe they are in a hurry or simply don’t know the risk they are introducing to the environment. The bigger reason is probably that the lines between home and work have become blurred and even nonexistent in some cases.
In some situations, individuals may choose the company network because it offers superior performance and speed.
Pursuing Better IoT Security Strategies: The impact on the network is that additional devices increase bandwidth demand, which can then affect performance. The result is a slower network, which even at a few seconds here and there can add up to costly productivity losses.
In addition, shadow IT creates more complex cyber security risks. Companies are cautious with securing devices that will be accessing their network, but it is impossible to take those same precautions with personal devices, particularly when they don’t know they are there.
Across all kinds of cyber security problems related to IoT – such as denial of service, botnet armies, data infiltration, and ransomware – the common denominator is that access is gained through poorly-secured IoT technology. The IoT devices that are for personal use don’t tend to meet organization-level security policy.
Mitigating the Risk of IoT: Your organization probably already has a policy on personal IoT devices on the company network, but enforcing it is another matter. It’s important to communicate your policy and do so on a regular basis, including mention of specific types of devices not allowed on your network. You can also request that employees check their home devices to make sure none are connected on your network. Reduce the number of support calls by publishing instructions for how to check connectivity on the most commonly-used home devices.
Next, you will want to use an on-premise IP address management system to identify all devices connected to your network. Then, get in touch with employees connecting unauthorized IoT devices to the company network.
Make It an Annual Event: Whether you include cyber security as an annual spring cleaning initiative or kick off each new year with a reminder about IoT security, it’s a good idea to regularly revisit your policy around home devices.
When IoT security issues are threatening your network speed and performance, you need practical solutions that help you identify technology quickly. Contact us at ITBroker.com to learn more.