Cyber-aware companies aren't likely to be brought down by a doorbell camera or robot vacuum—but you shouldn't dismiss those risks entirely.
By 2025, there will be an expected 55.7 billion access points on the so-called "Internet of Things," (IoT) which includes all of your devices, such as phones, tablets, smart watches and home artificial intelligence.
"Homes are certainly more high-tech now," said Paul Tucker, chief information security officer for BOK Financial®. "And any time there's more tech, there's an increased chance of fraud or exposures."
Currently, cybercriminals launch about 5,200 attacks per month on IoT devices, posing a unique security conundrum for employers allowing hybrid or work-from-home arrangements.
For employers, allowing staff to work from home can feel like sending them into the wild, wild West with unsecured internet connections and lax data security measures. "But it's manageable with a little diligence," said Tucker.
He offered the following tips to secure your work-at-home environment:
- Create a guest network to work on your home internet. "This prevents you from getting to your family photos and personal taxes while you're in work mode," Tucker said. "A threat actor accessing your network would have a harder time crossing those boundaries."
- Change the default username and password on your Internet of Things devices and services, such as voice-activated assistants, like Siri and Alexa , which can transfer data across a network without your knowledge. "These devices typically come with a default user ID and password, and we recommend changing those to add an extra level of security and prevent access to them," he said.
- Use cyber best practices—like device lock screens and two-factor authentication on as many devices as possible.
- Ensure only company-issued devices can access your organization's virtual private network, or VPN.
- For those working in a hybrid model, consider designating some documents and data as accessible only from the office.
"I've heard companies worry about Alexa listening in on proprietary information," he laughed. "But that's not really a concern. Many of the risk concerns I hear are a little overhyped."
More likely, businesses should focus their efforts on data storage security, like cloud-based storage, such as Google Drive, and make sure these are secure, he suggested.
"Whether you're a small business or a major corporation with employees working from home, you can implement these practices at little to no expense," he said.
Cybersecurity trends on the horizon
"One thing I think we're going to see more of as new work models persist is the increase of Zero Trust policies," said Tucker. "This relies on security measures to monitor who accesses the network and from where."
If an employee working remotely can access the company network from a neighboring town, for example, additional measures would ensure it was, in fact, the employee. Even more stringent measures would be adopted for employees traveling abroad.
"If an employee is in China, there are higher cyber risks there than, say, Canada, so different measures would be implemented," he said.
Zero Trust policies rely on identity management tools, which Tucker also predicts will increase.
"Bottom line, if a company wants to use a work-from-home model, it's entirely possible," Tucker said. "With some diligence and employee education, it can be secured."