SCOTTSDALE, Ariz.—As companies begin to rely more on remote workers, one report cautions that as the Internet of Things (IoT) gains traction, workers based at home have emerged as a potential weak link in cybersecurity.
IoT devices such as baby monitors, smart TVs, gaming consoles, surveillance cameras and climate control systems are designed to store data and connect to the Internet. They do so via rudimentary software operating systems, often with a limited user interface, much less actual security features, pointed out ThirdCertainty.
That makes these computing devices a perfect tool for criminal hackers, ThirdCertainty noted.
“Your corporate computer likely has a firewall, anti-virus and numerous other ways to prevent attacks,” Rapid7 Senior Security Consultant Mark Stanislav told the news outlet. “Devices such as baby monitors are fairly weak at protecting themselves.”
By infecting a device on a home user’s network, an attacker “could conceivably pivot to any other device on the same network—including any computer or connected device tied in to an employer’s network,” Stanislav said.
Stanislav told ThirdCertainty that criminal hackers can use control of an IoT device as the launching point to the rest of the devices in a home or remote location. They could try to steal passwords, distribute malware or look for vulnerabilities in a remote worker’s computer.
Stanislav suggested steps remote workers should take to protect against cybersecurity breaches.
“Employees should be careful at putting unnecessary Internet-connected devices on the same network that they use to connect into their organization,” he told ThirdCertainty. “Many modern home Wi-Fi routers allow you to create multiple networks that can separate traffic, such as using one network for home computing and another strictly for work reasons.”
Employees should never use their work passwords for any personal websites or services, Stanislav said. They should work with their company’s IT security staff to ensure their work station is properly secured, “with security patches applied in a timely manner and all available security tools and services installed and functioning as expected.”
Companies are best equipped, Stanislav told ThirdCertainty, to observe employee network activity and determine “if anomalous behavior” may indicate a criminal abusing employee access and privilege.