This blog was written by an independent guest blogger.
Businesses that allow employees to work from home are more likely to encounter a new security threat — compromised smart home devices.
Smart technology connected to an employee’s home network, like smart thermostats, appliances, and wearables, can all fall victim to hackers. Workers that join their employer’s network remotely can unwittingly allow compromised devices to open the doors to hackers.
The right IT policies, training and technology can help businesses counter smart home device breaches.
Why hackers target smart home devices
Attacks against smart home devices are rising fast. There were more than 1.5 billion attacks on smart devices in the first half of 2021, with attackers generally looking to steal data or use compromised devices for future breaches and cryptocurrency mining.
IoT devices are often not as guarded as laptops or smartphones and are easier to breach. They may not be updated as frequently, making them vulnerable to well-known exploits. Users may also not notice unusual activity from an IoT device as readily, allowing hackers to use it as part of a botnet or further attacks.
At the same time, the number of smart home devices is growing fast. Consumers have access to a growing range of IoT appliances, including smart refrigerators, lightbulbs, coffee makers and washing machines. The smart home device market is expanding quickly, making it a fast-growing target for hackers.
As a result, smart home technology is a prime target for hackers who need devices to stage an attack or want to break into otherwise secure networks.
Protecting business networks from smart home security threats
Employees are ultimately responsible for their home devices, but a wider range of people and organizations can take action to make them more secure. Employers, IT departments, managed service providers (MSPs) and communication service providers (CSPs) have the power to improve safety.
Some IoT device security stakeholders, like CSPs, can also provide risk mitigation to customers who may not receive security support from their employer or IT team. Employers and IT departments can work with CSPs to cover aspects of home device security that they may not be able to manage on their own.
The right WFH policies and employee training can help protect business networks from an attack that uses smart home devices. In most cases, a combination of approaches will be necessary.
One popular strategy for securing WFH employee smart devices includes appointing an internal organizational member responsible for monitoring IoT security. They should require WFH employees with smart home devices to follow best practices, like automating updates and ensuring they are digitally signed.
Requiring home IoT devices to have a Secure Boot feature available and enabled will also be helpful. This ensures that the device’s bootloader executable is genuine and has not been tampered with, initiates basic logging and checks for available firmware updates.
This feature provides an excellent foundation for IoT device security and helps automate device updating. Secure Boot also lets IT teams verify that employee smart devices are not compromised.
It’s also important for an organization to formally determine its IoT risks and build a security policy. Companies that don’t know what kinds of dangers they face won’t be able to create a set of rules and requirements for WFH employees that keeps devices and networks safe.
Make sure IoT devices don’t become a security threat
Smart home devices are increasingly popular, but they can create significant security risks for employers. Having the right IT policy will help companies manage these risks.
A well-documented IoT policy that remote workers can follow, Secure Boot devices and a designated IoT security manager will make it easier for businesses to protect their networks from smart device security threats.