This post is part of an ongoing blog series examining predictions and recommendations for cybersecurity in 2018.
We have already seen the positive impact of IoT on our daily lives, from smart hairbrushes to step trackers. While everyone appreciates the convenience of these devices, not everyone understands the security risks they bring, particularly when they move in and out of corporate networks.
In 2018, we will begin to see the line between personal and corporate security become blurry, with CISOs getting more involved in managing the security of personal IoT devices.
While personal devices are not company property, they may still hold sensitive company information that can be valuable to cybercriminals. It’s fairly easy to track down employment information via social media, and if a cybercriminal knows an individual works for a specific company, then any device that individual uses may be a gateway to additional corporate information. Oftentimes, IoT devices connect to company laptops or mobile phones that have legitimate access to the corporate network. It’s reasonable to assume that, if a personal IoT device is compromised, your corporate network might be vulnerable as well. For this reason, I believe we will start to see CISOs thinking more about how to guard against threats posed by personal devices as part of their overarching cybersecurity strategies.
Recommendation: Integrate Personal IoT Security Into Ongoing Cyber Education
As with any solid cybersecurity strategy, education is the cornerstone of proper cyber hygiene and can help ensure employees do their part to prevent successful cyberattacks. The general cybersecurity awareness training that companies provide ought to be expanded to include education about personal IoT devices and the far-reaching impact these devices can have on the organization. CISOs should advise employees on how to adjust device and app settings, such as location and data access, to protect employees and the company.