New data shows just how badly home users overestimate IoT security

A new survey from the National Cyber Security Alliance (NCSA) shows adult workers vastly overestimate the security of the internet devices in their homes.   

As COVID-19 forced companies to embrace remote working, home networks transformed into office networks. That's proving a problem for chief information security officers.   

“You can’t just assume that people know how to stay secure in this moment,” NCSA chief operating officer Sylvia Layton told SC Media.   

The survey polled 1,000 adults – 500 aged 18-34 and 500 aged 50-75 – and found that the overwhelming majority of both believed the internet of things devices they owned were secure.   

Since the boom of teleworking earlier this year, experts have warned that home networks create business risk. While the survey was for all adults, not just teleworkers, it provides some concrete data on just how much risk is hiding at home.  

IoT devices, particularly those that are cheap, outdated and hard to upgrade, are widely considered to be an easy target for hackers.  Yet 87 percent of the younger group and 77 percent of the older group said they were either “somewhat” or “very confident” in the security of their connected things.   

“It’s surprising, but the older generation was more risk-averse,” said Layton.   

Another finding from the same survey: 17 percent of the younger group and 37 percent of the older group said they did not regularly check or install updates (either claiming never, every 2-3 months, or “maybe if an auto-update happens.”) In many companies, especially in smaller companies, employees are using home computers rather than office issued computers – leaving updates completely in their own hands.   

Layton suggests CISOs better train employees for the rigors of working from home. Dmitriy Ayrapetov, vice president of platform architecture at the distributed office security vendor SonicWall, said CISOs might want to suggest employees segment home networks to isolate office computing.  

Segmenting networks would be key to blocking hackers from leveraging an IoT foothold in a home network to disrupt office networks. But that can be either too complex or too much of a hassle for many employees. An alternative, said Ayrapetov, would be offering employees access points.  

“A year ago, of course, you had some people working from home, but it was a self-selecting group who knew what they were doing, had office laptops and weren’t sharing a laptop with their kids e-learning,” saidAyrapetov. “A lot of small and medium-sized business got yanked five years into the future by quarantine.”   

prestitial ad