As millions of employees across the world work from home because of the COVID-19 pandemic, IoT security has become more critical than ever as cybercriminals look to exploit the situation.
Over the past few years, many organizations have already put security controls and measures in place that ensure only authorized users can access and configure IoT devices. However, with hundreds, sometimes thousands more remote workers to manage, the dynamic has changed. Employees must now understand the importance of IoT security and have the proper defense mechanisms in place and tools at hand to protect themselves and their organization against potential threats.
Here are five security tips for remote workers to abide by when engaging with the online realm:
- Turn on security features – and use them. In many situations, IoT devices have security features disabled by default in favor of ease of use. This, along with default credentials that never get changed, creates the perfect opportunity for cybercriminals to take advantage of an IoT device’s lack of cybersecurity. By researching and implementing as many security features as possible on each IoT device, along with using long, unique passwords, users can easily enhance the security of such devices.
- Keep certain IoT devices connected on separate Wi-Fi networks. Connect IoT devices such as a Ring device or a Nest Cam to a separate Wi-Fi network. This will help isolate the home office (and work devices at home) from any potential threats or risks that may arise within these types of IoT devices. Additionally, by using a password manager when setting up such devices, users can ensure that default or weak passwords are replaced with long, complex, system-generated passwords for these accounts.
- Use multi-factor authentication. When configuring an IoT device, a user should consider using two-factor or multi-factor authentication (2FA/MFA) to access the device. Typically, these factors are a combination of passwords, numerical codes, or biometrics. Many people already use tools like the Google Authenticator for 2FA, and other products are coming out that let workers use a smartphone to authenticate with a fingerprint or via facial recognition. Requiring two or more security controls to authenticate an identity adds an additional layer of protection. Leveraging multiple security controls instead of one simple password means the authentication process remains secure even if one of the authentication factors becomes compromised.
- Read the instructions. When setting up a new IoT device, it’s imperative that users familiarize themselves with what security features are available and know of any potential risks. This includes whether the device has a web camera, microphone or default usernames and passwords. If the device has a webcam, consider the location of the device and whether to cover it up. For a microphone that is always on, it’s also possible to modify the default wake command. For passwords, change to a long, unique passphrase. Also check whether any software updates are required and turn on the auto-update feature to ensure that the latest versions are running.
- Shut down devices when offline. When devices are not in use, they should be completely powered off. This will help ensure they cannot be hacked or abused when left unattended. It’s not enough just to put a device into standby mode. Sometimes, users simply have to turn the power completely off to reduce the risks. This is especially true for any device with a security camera. For all iPads and laptops, it’s a good idea to put a piece of tape over the camera when not in use. For mobile devices, a protective cover that also covers the camera will protect the screen and prevent the camera from taking photos without the user’s knowledge.
Of course, it goes without saying that if IT departments are going to place more of the burden on the workforce, over time they will have to set up more robust support desks or self-service functions so home workers can get access to FAQs and product documentation. While it looks like we are slowly coming out of the COVID-19 period, work-from-home will be the norm for many people for several weeks and months. And when life returns to normal, workers will find that these security tips are good life skills for the future as more IoT devices come into the home.
Joseph Carson, Advisory CISO, Thycotic