How To Protect Your Business Against IoT Security Risks

January 17, 2018

Ten years ago the Internet of Things (IoT) was nearly an unheard of term. The only people discussing IoT were highly technical individuals and the everyday uses of IoT weren’t yet clear. Fast forward to 2018 and IoT is a household term with dozens of home and business uses. In 2017, IoT devices outnumbered people in the world with an estimated 8.4 billion connected devices. That’s no small feat, and IoT is expected to keep growing - by 2020 an analyst firm Gartner predicts 20.4 billion connected devices.

As the uses of IoT devices continues to expand, businesses have started to incorporate IoT into their office spaces. Visit a modern office and you are likely to find an IoT device like Amazon Alexa, remote thermostat, or smart lighting, to name a few. IoT has made many parts of managing offices easier, but like any new technology, it comes with security risks that are often overlooked.

Potential Security Risks of IoT Devices at Work

A few benefits of IoT devices are their ability to collect data, analyze it and provide opportunities to save money or optimize a living or working environment. These data hubs are creating more and more opportunities for breaches and leaks. The massive amounts of data that IoT devices collect opens up more access points into the devices. If hackers find a way to connect to these smart devices and disable or weaken them, it can compromise an entire internal network.

Many companies are jumping on the IoT bandwagon without fully realizing the security implications that come from smart devices and the measures it requires for them to be secured. While it is important to secure the devices themselves, IoT security requires significant planning. To by truly secure, businesses must develop policies for how devices are used and guard the software devices interact with.

With these security risks in mind, we’ve compiled a list of our favorite IoT systems for businesses, risk mitigation strategies and options to help secure your office.

Top IoT Devices for Business Use

1. Smart Locks

Smart locks have several advantages over traditional locks in an office building. In today’s modern office spaces where employees frequently work varying schedules, smart locks allow management to grant individual access to employees. Smart locks like RemoteLock can be managed remotely and supply a full usage report to see who has come and gone.

Better yet, large businesses with multiple buildings or campuses can create zones for each employee, and grant them access to only the areas they should be entering. Have an employee leave the company? Instead of disrupting the whole office by changing one shared code, simply remove the accessibility of that individual’s code.

Like all IoT devices, smart locks aren’t without risks. According to a study conducted in 2016, of sixteen smart locks tested for security, twelve locks could be opened when wirelessly attacked. Many of these locks had flawed encryption and some were even simpler to crack.

That being said, even traditional locks pose threats of being vulnerable. The best way to ensure security with smart locks is to do your research. Locks are continuing to improve and information is out there about which locks to avoid and which appear to be “uncrackable”. Consider consulting with a security expert to determine which shortcomings to be on the lookout for.

2. IP Security Cameras

Security cameras are useful for detecting suspicious movements around the office or for reviewing footage after a break-in. The benefits are plentiful, just like the options. The Nest Cam Indoor offers 24/7 streaming while the Samsung SmartCam allows for two way communication. If not properly secured, IP security cameras can have disastrous ramifications. Because IP security cameras frequently use radio-frequency signals that are not encrypted, attackers can send false signals to access the system and disable smart devices that are in place to protect your business. The FTC offers tips on choosing a secure IP camera and best practices for mitigating risks.

3. Smart Thermostats

Would your office benefit from a thermostat that can be controlled remotely, monitors occupancy and adjusts temperature according to occupancy habits? We think most offices would. Smart thermostats make it possible. Thermostats like the Nest Learning Thermostat help you save money and keep the office comfortable.

Like many other IoT devices, if not secured, smart thermostats can be an entry point into other devices and business systems. In 2016, hackers created the first ransomware for smart thermostats to prove a point - IoT devices are vulnerable. Luckily, security advancements are being made on these devices. In March, Nest rolled out two-factor authentication on its devices. To keep your thermostats and other smart devices safe be sure to update software often.

4. Smart TVs

Apple TV and other smart TV’s make connecting easy. Smart TVs can run dozens of applications through WiFi and businesses use them for meeting rooms, lobbies and conference rooms. Because smart TVs are connected to WiFi, they can open your business up to potential breaches such as remote access of the audio and video through the TV.

5. Voice Assistants

Voice assistants are widely used and there are a lot of useful functions to incorporate into your business. They improve productivity, collaboration and can get the creative juices flowing. Digital assistants like Amazon Alexa and Google Home can help employees create to-do lists and prioritize tasks, save time by automating simple tasks and give reminders about upcoming due dates or meetings.

Digital Assistants are designed to make life easier by integrating with commonly used applications and devices, but this is also one of the security pitfalls of voice assistants. The more devices your digital assistant is connected to, the more access criminals and hackers can gain. There are best practices to help limit the potential security risks. According to NBC, to keep your Voice Assistants safe from security breaches, you’re encouraged to:

• Avoid connecting accounts/devices you won’t use, or accounts that hold sensitive information.
• Mute your voice assistant when it’s not being used.
• Use strong passwords to keep others from accessing your voice assistant, changing settings and listening to recordings.
• Have a separate network for your voice assistants and other smart devices.

6. Power over Ethernet Smart Lighting

Power over Ethernet is the future of smart enabled buildings. PoE devices connected to Ethernet using Cat5 cables allow for many systems to be networked together. They reduce energy consumption and report on energy saving opportunities. Igor’s Power over Ethernet lighting technology allows multiple lights to be networked and communicate with each other.

PoE not only saves money on energy consumption, but also cuts installation costs and improves the workplace environment. With Igor’s Software Gateway 2.0, white light can be tuned to optimize a workspace for productivity, energy saving opportunities are identified to help cut lighting costs by up to 85% and an open API allows developers to create applications that enhance Igor’s technology for use in the digital ceiling.

For IoT to work, security must be a top priority of any service provider. Igor’s technology takes security risks seriously, frequently coming out with solutions to new challenges in cybersecurity. That’s why Igor believes all PoE technology companies should, at the minimum, meet these recommended security thresholds:

1. Continuous software updates to patch bugs, and address known vulnerabilities.
2. On-premises data logistics software should also protect and monitor the IoT network, and isolate external threat entry points as a firewall would.
3. API access compartmentalization using keys and tokens.
4. Secure network communications using standards.
5. Secure inter-application authentication.
6. Eliminate multicast or broadcast messaging over the IP network.
7. Ensure regular security vulnerability scans on the IoT software.

What’s to Come for IoT and PoE in 2018?

We’re excited to see how IoT and PoE technology grow in 2018. With countless opportunities for IoT devices to simplify life and improve productivity, we expect 2018 to bring some great new devices to market. One thing’s for sure - security is a hot topic in IoT and PoE and we don’t expect that to change. 2018 will bring with it new security advancements in some of the most popular smart devices and new challenges in cybersecurity posed by IoT.

Want to Learn More About PoE and Its Role in IoT?

Power over Ethernet will revolutionize smart buildings as we know it. Want to discover the power of PoE? Sign up for our newsletter for all the latest industry news and insights and to continue learning about how Igor can bring your office space into the cutting edge age of smart technology.