As small businesses continue to battle traditional issues of time and resources, the rapid growth of the Internet of Things (IoT) is adding SMB security risks for teams to manage.
While there are certainly many benefits to implementing IoT in terms of efficiency and logistics, such rapid growth in the number of endpoints connected to a company’s network immediately brings with it increased security risks.
Considering the number of organisations that have been hit by cyber-attacks and suffered data breaches in recent years (43% of cyberattacks target small businesses), it is increasingly clear that security should be a primary consideration for SMBs when introducing any new devices into the office environment.
This article looks at the challenges to security that are caused by new developments in technology and how SMBs can manage that threat.
Why is IoT a security concern?
The attack surface is the set of all possible points of entry that malicious software or third parties could exploit to gain access to a company.
From lighting to printers, an increasing number of modern devices in the office space require some form of internet connectivity to function. Juniper have estimated that the number of IoT devices will pass the 50 billion mark by 2022.
Couple this with the increased use of personal devices for mobile working and it is clear that attack surfaces for SMBs are rapidly expanding as technology keeps pushing the number of endpoints up.
Any individual device could be breached or used as a point of entry for hackers, so having an increasingly large number of devices to manage means that the risk is greatly multiplied.
Without effective IoT security measures, sensitive data is at risk of being intercepted by the hacking of otherwise innocuous devices such as printers, thermostats and locks.
How can the risks be reduced?
While the range of devices will vary from company to company, there are a number of universal precautions that SMBs can take to minimize SMB security risks from IoT:
Improved endpoint security
Ensuring your security software is up-to-date and secure is vital for identifying and protecting against malware and other malicious software.
In addition to antivirus and a firewall for detecting and removing threats, endpoint security solutions should go a step further and help to protect against threats that are not detected using traditional security software.
This could include tools to identify phishing emails, scanners to detect WiFi vulnerabilities, and encryption and secure storage for documents and files.
The first rule of cybersecurity is to use strong passwords, and this is especially true for networks that include IoT devices. While devices such as smart speakers are simple to connect to the network, many people do not think to change the default passwords, essentially meaning that a potential hacker has access to your network with minimal effort.
The Avast Smart Home Report 2019 found that 40% of smart homes have at least one vulnerable device, and 69.2% of these are vulnerable due to weak security credentials. As use of these devices moves from the home to the office, it is vitally important that SMB security risks like these are addressed.
Strong passwords on every device are a vitally important step to prevent a breach and should be accompanied by two-factor authentication wherever possible.
Security patches are simple but crucial for securing devices and ensuring that vulnerabilities do not compromise your network. Patches are often quick and simple to apply and in some cases can be automated.
While there is a temptation to click ‘remind me later’, network security is only as strong as your weakest link, so every device connected to your network should be updated as soon as patches become available.
This can present a challenge for SMBs with limited resources and a minimal number of IT specialists. In addition to updating servers and laptops, IoT introduces a dramatic increase in the number of devices that need to be updated.
To prevent this causing a delay in some devices receiving patches, the responsibility should be shared among all staff. If everybody updates their own devices, security becomes a topic for the wider company, a positive step towards improved best practices.
As important as updated security software is, cybersecurity has to be multi-layered. Threats are continually evolving and while firewalls and malware scanners can be updated and will protect against certain types of threat, they will not prevent someone accidentally opening a phishing email, for example.
Every year, human error accounts for a significant number of data breaches, far more than targeted or malicious attacks. In 2018, the UK’s Information Commissioner’s Office (ICO) found that 88% of breaches were the result of human error rather than targeted attacks.
To minimise this risk, SMBs should ensure that staff at all levels of the company are following security best practices, such as utilising strong passwords, two-factor authentication and applying patches and updates as soon as they become available.
This should also be supported by regular training and a bring your own device (BYOD) policy for mobile workers.
The landscape surrounding SMB security risks is evolving. To combat this, it is crucial that small businesses take the time to carefully monitor the attack surface of their company and balance the addition of new IoT devices against the potential security risk that they may bring with them.