The smart workplace
The internet of things (IoT) has finally made its way into organizations. The number of businesses that make use of IoT devices has increased from 13% in 2014 to 25% in 2019, with the total number of connected devices expected to reach 43 million by 2023 (McKinsey). These smart infrastructures and devices help us get our jobs done with less time and effort.
IoT devices used in the workplace can be grouped into three major categories: smart infrastructures, smart home devices, and smart business assistants.
Smart infrastructures monitor and control the office environment. For instance, climate control systems automatically adjust the temperature and humidity, providing a cozy workplace for the employees. Office security and alarm systems keep the office safe from theft.
Smart home devices make life easier for employees. These include tools like smart speakers, coffee machines, motion sensors, and cameras. There are even smart chairs that alert you if you have been sitting for too long and gather your data to improve your habits. Some of these devices help increase productivity, while others are simply novelties.
Lastly, there are smart business assistants. These tend to be specifically designed for conducting business. Examples include video conferencing devices, wireless projectors, and AI assistants.
Fancy IoT devices for the office
Below is a list of popular IoT products commonly used in the office:
August Smart Lock: This smart lock allows you to secure and manage your door with your smartphone. It tracks every movement of the door and keeps a record of when the door is opened. You can lock the door anywhere through a mobile app, so that you would never need to carry any keys anymore.
Ecobee Smart Thermostat: Ecobee’s smart thermostat allows you to control indoor temperature from your smartphone so that you can preheat your office before arriving. It allows separate adjustment for each individual room and sends push alerts on sudden temperature changes. These features make it highly eco-friendly, saving an average of 23% on annual energy costs.
Philips Hue Lighting: Many people are familiar with this one. Philips Hue allows you to adjust the brightness, temperature, and color of the lighting in your office to best suit your needs. Just like all other devices, it can be controlled remotely. It is also equipped with sound sensor and voice control, saving you time and energy.
Atmoph Window: This is a great product for those working in offices with poor lighting. Atmoph Window is a virtual window that displays high-resolution sceneries just as if you are looking out a window. You can use them to decorate your office with the images of your choice.
Smarter Coffee: This is a smart coffee machine that allows you to brew coffee remotely through a mobile app, with plenty of customizable options including temperature and strength adjustment. This is especially helpful when you have a large office where employees wait in line in the kitchen.
Alexa for Business: Amazon’s Alexa for Business is a digital assistant that responds to all kinds of employee requests through voice recognition. It helps employees schedule meetings, book meeting rooms, add events to their calendars, and so on. It keeps track of all attendees of a meeting and automatically dials into the meeting at the scheduled time. It also unbooks a meeting room when the room is left unattended after the scheduled time, significantly increasing room utilization and productivity. The Alexa Echo smart speakers also allow staff to order office supplies.
Beam Projector: These are small portable projectors that work like lightbulbs. All you need to do is insert it into a lightbulb socket so that it can project the images and contents from your smartphone.
Where things go wrong
From critical infrastructures to small digital assistants, most of the IoT devices bought in the market have little or no security controls, making them easily hackable. Building management systems can be hacked and controlled by third parties; imagine your doors unlocking by itself, or that your heating system suddenly turns off during the middle of the winter. On a smaller scale, a hacker who breaks into an AI speaker can easily extract all the noises and conversations picked up by the speaker.
What’s more troublesome is the danger IoT devices pose to the network. The increased presence of IoT devices in the workplace is giving IT managers headaches. The more connections there are, the more vulnerabilities there exist, and the more endpoints needing protection. A chain is only as strong as its weakest link – no matter how secure 99% of your network is, that 1% weakness is enough to bring down the whole network.
Many devices connected to the corporate wi-fi are brought in by the employees without notifying IT management. A vulnerable device acts as a backdoor for the entire network. According to a recent analysis by Zscaler, the most common unauthorized IoT devices found on the corporate network included digital home assistants, TV set-up boxes, IP cameras, smart TVs, smartwatches, and even automotive media systems. They could be exploited for all kinds of attacks. Hackers could install malware onto the network, or take control of other IoT devices to launch distributed denial of service (DDoS) attacks.
Corporate security in the IoT era
As a business, blocking all IoT devices from connecting to your network is clearly not an option. Nevertheless, there are measures businesses can take to protect themselves from IoT exploitation.
1) Identify and assess all devices on your network. The first step at protecting your network is to understand it. Make sure you have information on all devices, including their models, operating systems, and the applications and processes installed on them.
2) Segment your network. This is the most important step! The network must be divided into multiple segments, in which IoT devices should be kept in a separate segment from PCs and internal servers. Firewalls must be placed between each segment to prevent an attack in one segment to affect the others. IT consultant Daniel Schwartz used DMZ as an analogy – think of the relatively insecure segment as a demilitarized zone (DMZ), where those behind the zone have access to the zone but are still separated from it.
3) Authenticate new devices. Every new device joining the network should be registered and authenticated by IT management. Always monitor these devices to see if they behave similarly to other devices. A hacked device might look the same but will behave differently.
4) Immediate response. Whenever a breach is discovered, an automated response must be put in place to block the compromised device from the network within seconds.
5) Change your IoT device passwords. Many IoT devices have the same default passwords. Many users are unaware of the security risks behind it and continue to use these default passwords. This is why it is especially important to make sure all devices connected to your network have robust passwords set in place. In fact, the United Kingdom is proposing a new law requiring all IoT manufacturers to assign unique passwords for each device made (Threatpost).
In the connected age, corporate security means securing everything that is connected to your network. IoT security must be taken seriously as we hand over more autonomy and decision power to devices and robots. [Penta Security’s IoT solutions secure all kinds of business environments, providing authentication and encryption for your IT system. Read more about: IoT security.]
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Web Application Firewall for Cloud: WAPPLES SA
Database Encryption: D’Amo
Smart Car Security: AutoCrypt