What are the cyber risks and threats associated with smart devices at home and at work?

Over the last decade, smart devices have brought convenience and efficiency to our homes and workplaces … however, this convenience also comes with some cyber drawbacks.

A myriad of cyber risks and threats, associated with smart devices, can compromise our privacy, data security, and even the integrity of critical systems. From IoT (Internet of Things) smart devices rushed to market with security flaws to unsecured home Wi-Fi networks, the vulnerabilities associated with smart devices are vast and require proactive measures to mitigate.

And for organisations, lax smart device security can be costly. For example, the EU proposes that failing to adhere to the Cyber Resilience Act will result in fines of 15 million euros ($15 million) or up to 2.5% of an organisation’s total global turnover (TechRadar).

In this article, we will cover the specific risks and threats associated with smart devices both at home and in the workplace and explore how cyber security awareness and training can play a pivotal role in safeguarding against these dangers.

At Home: Smart Device Security Risks and Threats

Statista data reveals that the number of homes considered to be “smart” will increase to more than 480 million by next year. On top of this, a new report from Which? reveals that smart devices are exposed to thousands of scanning and hacking attempts across just a single week. But what other risks and threats do smart devices face at home?

• IoT Smart Devices Rushed to Market with Security Flaws: One of the primary concerns with smart devices is the rush to bring them to market, often resulting in inadequate security measures. These devices may contain vulnerabilities or zero-day exploits, making them susceptible to hacking and exploitation by cybercriminals.
• Unsecure Home Wi-Fi Networks: Home Wi-Fi networks are often left unsecured or configured with default settings, leaving them vulnerable to unauthorised access. Hackers can exploit these weaknesses to gain access to sensitive data or launch attacks on connected devices.
• Neglecting Personal Smartphones: Personal smartphones are abundant in households, yet many users neglect to update or secure them properly. Outdated operating systems and lax security settings create opportunities for hackers to gain unauthorised access to personal information or install malware.
• Overloading Smart Bulbs to Down Systems Smart bulbs, while convenient, can also be exploited by attackers to overload a system and cause disruptions. This type of attack, known as a Distributed Denial of Service (DDoS) attack, can render devices and networks inaccessible to legitimate users.

At Home: Smart Device Security Tips

To minimise the risks associated with smart devices at home, consider the following security measures:

• Turn off Universal Plug & Play (UPnP): Disable UPnP to prevent unauthorised access to your network and to prevent smart devices from automatically connecting with other smart devices without permission.
• Use Strong Passwords and Biometric Locks: Secure your devices with unique, hard-to-crack passwords or biometric authentication for added security.
• Isolate Home Network: Utilise guest networks for smart devices to isolate them from your main network as a form of network segmentation.
• Update Default Credentials: Replace default usernames and passwords with personalised credentials to ensure you are not caught slacking from the get-go.
• Enable Firewalls and Antivirus Software: Protect your devices with firewalls and antivirus software to detect and prevent malware infections.
• Regular Security Updates: Keep your devices up to date with the latest security patches and firmware updates or you will fall victim to common and emerging threats and risks.
• Review App Permissions: Check and assess the permissions granted to apps on your smartphone to minimise potential risks and data being shared with organisations and apps that you do not agree with.
• Enhance Smart Speaker Security: Change the wake word on smart speakers to a unique phrase known only to you and your family. This will prevent a malicious threat actor from easily activating your smart speaker using the common alert words such as ‘Alexa,’ ‘Siri’ or ‘Okay Google.’
• Cover Webcams and Cameras: Protect your privacy by covering webcams and cameras when not in use to ensure you are not being spied or eavesdropped on.

At Work: Smart Device Security Risks and Threats

• Remote Working Vulnerabilities: The rise of remote work has introduced new challenges in securing smart devices used outside the traditional office environment. Employees may use personal devices for work purposes, blurring the lines between personal and professional usage and increasing the risk of data breaches.
• IoT Botnets and DDoS Attacks: Attackers can exploit vulnerable IoT devices to create botnets capable of launching large-scale DDoS attacks. Smart devices with insufficient security measures can be hijacked and used to overwhelm networks, causing widespread disruption from within.
• Unpatched Devices and Zero-Day Vulnerabilities: Smart devices deployed in the workplace may remain unpatched or contain undisclosed vulnerabilities, leaving them susceptible to exploitation by malicious actors. Zero-day exploits pose a significant threat as there may be no available fixes or patches to address them – especially if your organisation has become reliant on said devices.

At Work: Smart Device Security Tips

To enhance smart device security in the workplace, your organisation should consider the following measures:

• Cyber Security Awareness and Training: Implement regular and engaging cyber security awareness and training initiatives to educate employees on common and emerging cyber threats and risks. Ensure your awareness and training campaign is tailored for different departments, targeted towards security gaps and relevant to the cyber threats facing your employees.
• Strong Authentication: Require employees to use strong passwords or multi-factor authentication (MFA) to access company devices and networks.
• Password Security Protocol: Establish and enforce a comprehensive password security protocol to ensure the use of unique and complex passwords.
• Firewalls and Antivirus Software: Deploy firewalls and antivirus software on corporate devices to detect and mitigate potential threats.
• Regular Updates and Patch Management: Implement a robust system for monitoring and applying security updates and patches to mitigate known vulnerabilities.
• BYOD (Bring Your Own Device) Security Policy: Develop and enforce a Bring Your Own Device (BYOD) security policy to govern the use of personal devices for work purposes.
• Network Segmentation: Segment the corporate network to isolate smart devices and limit the impact of potential breaches or attacks.

Conclusion

There are more smart devices on earth than there are people!

And, whilst smart devices present opportunities for organisations and employees, they also bring a myriad of challenges, introducing new avenues for cyber-attacks and data breaches.

By implementing robust security measures at home and in the workplace, combined with comprehensive cyber security awareness and training programs, individuals and organisations can effectively mitigate the risks and threats associated with smart devices and safeguard against potential security incidents.

Remember, when it comes to cyber security, vigilance, awareness, and preparedness are key.