It’s hard to believe, but we are nearly at the 10-year mark of Bring Your Own Device (BYOD). The concept of employees bringing their devices to work, let alone using them to increase efficiency in the work environment, was a radical idea in 2009. In fact, then, it wasn’t uncommon for most businesses to require team members to stow their phones in their desks, never to be glanced at out of fear of accusations of slacking off.
Today, of course, it’s expected that we all have our devices within reach, as the convenience of having a communication, data processing and information sharing tool in the palm of our hands, outweighs any fears of time wasting. Moreover, if you’re concerned about how your team members utilize their devices while on the clock, then you have apparently not developed, distributed, or most importantly enforced your BYOD policy.
The overwhelming majority of businesses who do have a BYOD plan in place, report significant advantages such as increased productivity, less time training staff and an increase in team satisfaction.
When we think about a BYOD policy, we tend to think of traditional devices such as smartphones, tablets, and laptops. However, if those are the only devices you’re concerned about, then you are leaving your business vulnerable. The Internet of Things (IoT) is here and changes how your team interacts with their devices, how devices communicate with each other, and ultimately how they affect your business. The question you have to ask is, have you prepared for the Internet of everything, that’s everywhere?
The IoT reflects the current state of connectivity in technology today and refers to any device that can connect to the Internet. The key word here is “any.” We’re grown beyond the realm of devices such as a smartphone or tablet. We are now talking about heart monitors, climate controlled devices for your home, performance devices, your kitchen appliances, your car and of course the smart speaker on your desk. If they can communicate with the Internet, and are unsecured, they are a risk to your business.
“Big Brother is watching” may be the theme of Orwell’s dystopian novel, 1984; however in the world of the IoT, there’s more than a little truth to it. Recently there was an event in which an Amazon Echo recorded and emailed a conversation to another person, all without the knowledge of people in the room. All on its own, no user interaction involved. Now, this was equipment ‘error’, but it shows how vulnerable these IoT devices can be, particularly if there are nefarious characters interested in compromising your data.
For example, hackers released Mirai, a malware that transforms IoT devices into remote-controlled bots. Once compromised, the devices are used as part of Distributed Denial of Service (DDoS attacks). The hackers get access by trying the factory default usernames and passwords, hoping the owner never changed it and as you may know a majority of people never change the default password. An IoT device that is not secure on your network means your network is unsecured as well.
With an increasing number of devices connected to the Internet 24/7 and brought to work, now’s the time to consider updating not only your BYOD policy, but your internal policies regarding security as well. Many of the technologies you have in your office, such as coffee makers, climate control solutions, and other commonplace devices may be part of the IoT. This means they are connected to the Internet and have the potential to be compromised.
Your BYOD plan needs to recognize that the days of only having to worry about the threat of smartphones, laptops, and similar devices is over: the age of IoT has changed everything. As more of your team uses IoT devices and increases the number of devices behind your firewall, there’s a higher chance of someone finding an exploit and getting through to your network. Your updated BYOD Plan should:
When it comes to smartphones and computers, updates are often ‘pushed’ to the devices, with little to no user interaction needed. This, in turn, creates a ‘herd’ immunity of protected devices, which reduces the number of opportunities for malware to take hold. Unfortunately, many IoT devices are designed to be replaced by the next big thing, also know as “planned obsolescence.” This means there’s little incentive for companies to provide upgrades. Instead, the burden is placed on the end user to look for any updates or purchase a new device. This practice creates an ecosystem of outdated and vulnerable devices being used by your team and presents a security risk every time they connect to your network.
BYOD brings many advantages to your organization, however in the case of IoT devices, it also brings additional efforts. Your IT team will have to audit any IoT devices for security flaws before they are allowed to access the network. If the devices are out of date and unsecured, your team members will have to bring them into compliance; if they are unable to, they can’t be allowed to connect to the network.
As always, your team is your biggest asset, but only if you give them the information and tools to understand what is required of them and why. As IoT devices become commonplace, many of your team members may not realize the danger to your network security their devices represent. So it’s up to you and your IT team to develop a modern, up-to-date BYOD policy which includes and accounts for IoT devices and the dangers they represent.
Your BYOD plan needs to take into account and evolve to accommodate not only how people and devices communicate now, but how they will in the future. Face it: IoT devices have the potential to expose your network to attack, and their presence will only increase; they’re not going anywhere. Please understand this fundamental concept: if the IoT device can’t be secured when on your network, then your network cannot be secured either.
The need to protect computing systems has never been more crucial to your business’ success, and one unsecured device can expose your network infrastructure to cyberattack. IoT devices, particularly those of low quality, are becoming more commonplace. They are in the pockets of your team, on their wrists and even in your office kitchen.
Now is the time to develop a plan to secure your network from this new generation of technology.
To ensure that your data is secure and accessible, our consultants provide options that will specifically meet all of your organizational demands, not only for today, but tomorrow. For more information about KT Connections’ dedication to your network’s security call us today at 605-341-3873.