Keeping data safe in an IoT world

Keeping data safe in an IoT world
(Image credit: Shutterstock)

With Covid 19 continuing to pave the way for a new remote working world, it is important that organizations continue to take security seriously. Having multiple people access a network from various locations is risky, so implementing strict multi factor authentication, data management and encryption are key to navigating this new era.

With many organizations still working remotely in the wake of the pandemic, the question remains, what will the office look like when we return? A whole new look and feel to the office

A whole new look and feel to the office

It’s no longer a great surprise to enter a shop and see markers on the floor, indicating a safe distance between you and other people, and pointing to one-way systems and hand sanitizer dispensers. But while working through these necessary changes in a retail environment can be tricky, these are magnified challenges in an office environment. From group meetings and popping to someone’s desk to ask a quick question, to grabbing a coffee from the kitchen and beyond, many offices are built to maximize space in order to get more people in.

For companies that reopen their offices, there will be a bigger emphasis on technology in the battle to keep employees safe. Some are already investing in IoT technology to monitor situations like sufficient airflow, if employees are sufficiently far apart and even how many people can be in the office at any one time.

For example, some companies will rely on indoor intelligence, normally reserved for deterring intruders and alerting break ins, to help control physical distancing. Likewise, others will use technology to verify that the employee or visitor, upon entry, is equipped with a personal protective device, such as a mask, and does not show any symptoms of fever or abnormal temperature.

On a macro scale, more countries are developing contact tracing apps to encourage citizens to record symptoms. This will allow authorities to alert people if they have been in contact with someone with the virus.

This network of smart devices is expected to continue to grow at an unprecedented rate, spurred on by new connection demands as a result of the pandemic

Creating security risks

A new IoT based workplace lifestyle does not come without its security challenges. Even before the lockdown hit, cybersecurity threats with IoT devices were becoming more sophisticated. According to Gartner, in 2018, nearly 20% of organizations had observed at least one IoT-based attack in the past three years. With lockdown significantly increasing the amount of daily screen time, exposure to cybersecurity vulnerabilities and data breaches from IoT based devices will rise too. For example, last March the National Cyber Security Centre (NCSC) issued a security notice, urging those who use smart cameras and baby monitors in the home to protect their devices from cyber-criminals.

IoT devices are often targeted because of the valuable data they hold, and this will only increase as firms sit on increasing mountains of information pertaining to the activities of their employees. Not only that, but IoT devices can also be used as a gateway into a company’s network, enabling hackers to unlock the door to the kingdom of the company’s secrets, or simply wreak havoc by taking over the devices themselves.

While the UK Government plans to bring security requirements for smart device manufacturers into law, it’s up to businesses to safeguard their own.

Making IoT devices data safe

Considering only around 13% of smart device manufactures embed even the most basic approaches to cyber security in products, protecting IoT devices and the data stored within them must be a top priority. Unfortunately, many companies are getting it wrong with simple mistakes, such as having no centralized function to manage all of their devices. There is also a risk, as we digitally evolve the workplace and bring these devices in, that IT security teams may not be truly aware of the threats and risks.

As a start, security teams should begin mitigating the risks by monitoring for unusual traffic patterns and data flows, as well as isolating IoT devices to certain areas of the network. Businesses must also invest in devices that have the appropriate security controls, such as encryption, multi-factor authentication and key management. If these measures aren’t in place for the devices they have already, they need to implement them themselves or partner with a company that has the knowledge and expertise to do this. Lastly, companies can help protect themselves by investing in appropriate education for their employees on the risks of IoT, such as the threats of bringing in unsecured devices onto the company network.

It’s important to remember that IoT security is not a once off. Amid an ever-evolving cyber landscape, the security of a device needs to be upgraded and updatable throughout its lifecycle. Thales’ Security by Design approach ensures that IoT security is considered at the beginning of project design – and that devices are protected in the right location at the right level to meet the needs of each implementation.

The future of business

While many workforces migrate to a more flexible way of work, many people will be excited to get back to the office and experience the ‘new normal.’ While technology has shown itself to be a great aid in enabling this to happen, businesses must ensure they take the right security precautions or risk leaving the door unlocked for hackers to walk on through.

  • Gorav Arora, Director of Technology, CTO Office, Cloud Protection and Licensing at Thales.
Gorav Arora

Gorav Arora, Director of Technology, CTO Office, Cloud Protection and Licensing at Thales. He has extensive experience in taking products from early conceptual product ideas to full-fledged shipping versions.