Risk of Enterprise Connected Devices
Enterprise connected devices (ECDs) are used in many UK businesses to interact with, hold or process data. They include technology like smartphones, office cameras and vehicle telematics devices. While ECDs may improve operational efficiency, their use can expose organisations to increased cyber-security risks. When compromised, ECDs could allow cyber-criminals to gain access to corporate networks for espionage purposes, disruption or financial gain.
One common ECD type is the Internet of Things (IoT), which describes physical objects with embedded software that connect and exchange data with other devices and systems over the internet. Examples include smart watches, smart TVs and virtual assistants like Alexa. IoT technology is becoming increasingly popular. In fact, database company Statista predicts there will be over 75 billion IoT devices worldwide by 2025. With so many such ECD devices available, they are attractive prospects for cyber-criminals. Not only are they easily accessible over the internet, cyber-security is often an afterthought.
ECDs can be attacked in one of three ways:
- Communication channels - Attacks can originate from the communication channels that connect ECD components with one another.
- Applications and software - Attacks can originate from vulnerabilities in ECD software or network services.
- Devices - Attacks can be made on the devices themselves due to vulnerabilities in their storage firmware or physical interfaces.
It’s vital for organisations to implement measures to mitigate the risks from ECD use. Consider these tips:
- Improve passwords. Avoid using the default password supplied with a device. Instead, give each ECD its own secure password to make it harder for cyber-criminals to gain access.
- Patch regularly. Keep on top of software or firmware patches. Better still, only buy ECDs that have built-in patching capability.
- Implement verification. Only allow employees access to ECDs for legitimate business purposes. Additionally, put in place solid verification steps to check users before they’re given access.
Although ECDs are common in many workplaces, it’s wise to make sure you have a comprehensive cyber-security plan established before relying on them. Such devices can be used by cyber-criminals to compromise other systems on a network, so make sure you’re adequately protected.
Contact us today for more ECD-related guidance.