2018 Predictions & Recommendations: The Internet of Things Blurs the Line Between Personal and Corporate Security

This post is part of an ongoing blog series examining predictions and recommendations for cybersecurity in 2018.

We have already seen the positive impact of IoT on our daily lives, from smart hairbrushes to step trackers. While everyone appreciates the convenience of these devices, not everyone understands the security risks they bring, particularly when they are coming in and out of corporate networks.

In 2018, we will begin to see the line between personal and corporate security become blurry, with CISOs getting more involved in managing the security of personal IoT devices.

While personal devices are not company property, they may still hold sensitive company information that can be valuable to cybercriminals. It’s fairly easy to track down employment information via social media, and if a cybercriminal knows an individual works for a specific company, then any device that individual uses may be a gateway to additional corporate information. Oftentimes, IoT devices connect to company laptops or mobile phones that have legitimate access to the corporate network. It’s reasonable to assume that, if a personal IoT device is compromised, your corporate network might be vulnerable as well. For this reason, I believe we will start to see CISOs thinking more about how to guard against threats posed by personal devices as part of their overarching cybersecurity strategies.


Recommendation: Integrate Personal IoT Security Into Ongoing Cyber Education

As with any solid cybersecurity strategy, education is the cornerstone of proper cyber hygiene and can help ensure employees do their part to prevent successful cyberattacks. The training companies provide for general cybersecurity awareness ought to be expanded to include education about personal IoT devices and the far-reaching impact these devices can have on the organization. CISOs should advise employees on how to adjust device and app settings, such as location and data access, to protect employees and the company.

 

1 Reader Comment

  1. BYOD is an “Achilles Heel” for most companies in the age of mobile working, remote access and the “always on” culture we see in the global workforce. Companies need to have strategies around their policies and their security profiles and solutions for IoT devices owned privately but used professionally by staff. As an IT professional I have always had two phones – one for work and one for private use. I have separate media devices, work and life are separated. My employers have always had guidelines and policies in place regarding social media and use of corporate equipment……… the acid test comes with spot checks and compliance reviews. Policies alone won’t do it – it must be managed – 24×7 and “always on”
