Report: ‘Internet of Things’ Poses Cyber Threat to Companies
Employees working from home can put their companies at risk for data breaches, a recent report showed.
Cyber attacks on home networks have increased significantly in the past year, mainly because they are “so easy to execute” and hackers can often go in undetected, according to the2015 Dell Security Annual Threat Report.
Off-site networks like home routers, field office work stations and remote work stations have become hacker targets because they are “traditionally not protected as much,” said Paul Christman, vice president of public sector sales and marketing for Dell.
Workers don’t protect their personal devices as well because they don’t think they could be a target, he added. However, “everything’s so interconnected now that the perimeter really has changed.” This is a result of the “Internet of things,” or the connection of multiple devices to the Internet, Christman said.
“We’re connecting up all these strange things to the Internet … Who’s to say these devices should be able to be granted access to certain information?” he said. “The Internet of things just takes what we normally think of as a pretty complicated situation and just makes it that much more complicated because of the diversity of the kinds of data and the diversity of the kinds of devices that are being hung onto the net.”
Any device connected to the Internet must be granted the proper access to the right information, he added.
In March 2014, one single attack affected 300,000 home routers, many of which had administrative interfaces accessible from the Internet, the report stated.
“If there are nefarious things going on, whether it’s China or somebody else, on any of these devices and you’re at home and you’re opening up a connection to your company, you’re basically compromising your company at that point in time,” said Jackson Shaw, senior director of product management for Dell’s identity and access management division.
Last fall, Shaw experienced this first hand when he installed a Dell firewall in his home, which he said “certainly doesn’t need huge protection.” However, six weeks later when Shaw ran a report to check the IP addresses of his Internet traffic he was surprised to see that six percent of his traffic was directed to China.
Shaw originally dismissed the connection, but days later when he used his home connection for work he realized, “Wow, I just opened a door to Dell and I’ve already got a door open to China.”
Companies with remote or home workers can take steps to protect their off-site locations from hackers, such as having employees set their own passwords because default passwords may be compromised easier. Users should constantly check for firmware updates, restrict remote router management over the Internet, log out when accessing the router interface and more, the report stated.
“You've got to train the users and the users have to buy into this idea that it’s their responsibility as a key component of security,” Christman said. “The users have to understand what they’re responsible for.”
Users should research products before purchasing them, constantly take system inventory, when adding new devices to a network segment them to a different part away from company information, become educated on the technology and finally to take all steps to secure data, said Bill Evans, senior director of project marketing at Dell Software.