Don’t sweep IoT security and training under the rug
Used with permission from Tektonika (HP)
By Karen Gilleland
When you drive home, your garage door opens as you arrive. That toy bear Santa gave your kids talks and sounds just like you. Your smart wristwatch keeps tabs on your heart rate. You love the IoT world as much as everyone else, but most people are blissfully unaware of the need for IoT security and security training—until their data gets hacked.
“Nonsense,” the victims say. “How can a garage door opener put my entire company’s data at risk?” If the device uses a web-based platform for opening the garage door, if alerts are sent to a work email account, and if that password has the same root as the network password, you’ve just opened the door for hackers.
IoT toys can be dangerous, too. According to the FBI, smart toys and entertainment devices for children typically “contain sensors, microphones, cameras, data storage components, and other multimedia capabilities—including speech recognition and GPS options. These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.”
If your employees are bringing new IoT devices into the office, or even just using them at home, they’re opening another avenue for hackers to leverage, because any device with an IP address can be hacked. Don’t underestimate this threat vector, and start preparing to fight back today.
Underscore security at employee orientation
Mitigate IoT risks with ongoing security training. Many businesses address security on an employee’s first day of work but stuff the topic into an avalanche of other information that often causes new employees’ eyes to glaze over. Consider this checklist when onboarding employees:
- Take timing into consideration. First, cover the items of greatest interest to new employees (e.g., pay schedule or vacation plans), so they aren’t worrying about these things when you’re talking IoT security. Security training should come after a break or lunch, so employees are fresh and ready to hear what you have to say.
- Relate the training to their specific roles in the organization. If employees in varying roles are in the same large session, break out the groups by similar functions or have information on charts that spell out areas of concern for each role.
- Use story-telling techniques. Describe a security breach and explain how the incident affected the company and how it could have been avoided.
- Explain the measures your company has in place to protect its business data.
- Set clear guidelines about what devices can be used in the office.
- Hand out printed cards with contact information and security tips.
Continue the security conversation
You’ll also want to do the following:
- Encourage employees to watch all the videos in these two thought-provoking series: “The Wolf,” which alerts employees to the ways cybercriminals penetrate print and PC environments, and “The Fixer,” which stipulates actions to take after an attack.
- Train employees about security practices internally, or purchase ready-made modules, such as those offered by LinkedIn’s “7 Essential Security Awareness Training Topics.”
- Send frequent, short security messages, such as this “tip of the day” from Inspired eLearning: “Avoid downloading free software. Free software is notoriously susceptible to viruses and other malware. If you need to download free software, consult with your supervisor first to get authorization. Always scan any software you download for viruses, regardless of source, and be cautious during the install process.”
- Cover security topics regularly in department meetings.
- Print monthly posters reminding employees about cybersecurity.
Mitigate risks against printers
Networked printers are some of the most commonly connected devices in the world, but individuals and companies fail to secure them properly. IDC reported that printers often don’t command much attention from security personnel, as they consider the devices “only printers.” It’s assumed that if a networked device, like a printer, is behind a firewall, it’s low risk—but this isn’t the case in today’s world of sophisticated malware and evolving cyber risk.
Print-related security breaches can come from inside or outside an organization. Exposure points include the device’s network ports, print/copy/scan job interception, print hard drives and memory, printed or copied documents left in output trays, or illegal use of secure media (e.g., checks, prescriptions).
Along with training, strengthen your defenses as follows:
- Complete a secure print analysis to understand your printers’ vulnerabilities.
- Insist on printers with embedded IoT security features that can detect, protect, and even self-heal from attacks—automatically.
The IoT can make your life easier, but you must take steps to avoid the dangers it also brings into play. Keep your network safe, despite the IoT clutter.