IoT Devices in the Workplace: Security Risks and Threats

Managing security in the IoT-connected workplace is critical

The network of devices, sensors, and software in our fitness trackers, cars, home appliances and offices, which is collectively known as the internet of things (IoT), is growing fast. But due to the nature of those connections, which are machine-to-machine, most people have no idea quite how connected the world around them is becoming.

Doors, elevators, watches, appliances...they're all going online and connecting. Industrial IoT is booming. By 2025, experts predict there will be at least 25 billion active devices connected to the internet...and that's just the beginning.

The volume of IoT devices will be a game-changer in the near future. While it's very exciting to think about all that can be achieved in smarter cars, homes, and offices, we also need to remain critically aware that IoT device hacking is also a huge cybersecurity risk.

IoT device security is a huge issue. More connected devices mean more points of access for cybercriminals to get in and a bigger attack surface to protect. Cybersecurity needs to be built into the DNA of an organization if it's going to survive in our fast-approaching connected future.

IoT is vulnerable. In 2020, cyber hacking attempts increased by 400% as personal devices and remote workstations became the norm. Six out of ten personal devices are thought to be unprotected from attacks, according to experts. Connected devices such as wearables, smart locks, card readers, and biometric systems each have their own unique IP addresses that they use to communicate. But very few of them are equipped to download smart patches or updated security protocols automatically.

Employees have a huge role to play in managing IT security risks in a connected office.

They also need to be aware that they have rights around the data that is being collected about them and how it is used.

What are employee rights and responsibilities with IoT?

Many of the IoT devices in the workplace will be carried in and out by employees, for example, smartwatches and other wearable devices. That makes people responsible for ensuring that their devices are secure and do not fall into the wrong hands.

But what happens to all that data when you are online at work? And what about all the sensors and devices in an office that are monitoring where and when you arrive and leave, which routes you travel, your biometrics, etc.? There is a giant trove of data being created every day in the workplace of a personal and sensitive nature, which brings up many privacy issues for employees.

The bottom line is that organizations that collect or use personal information via IoT devices, must still abide by the laws that regulate how personal information is handled. However, a lot of the data being recorded by such devices may still be vulnerable. Many wearables store data locally on the device, without any encryption or password protection, which could cause sensitive data to be leaked if a device were to fall into the wrong hands.

What are the privacy issues?

While it may be easy to assume that IoT devices only affect individuals, they can also have a large impact on businesses. If employee personal information is being stolen or purchased by bad actors, they can then use that information to create more sophisticated and precise phishing attacks, which can lead to breaches.

It's up to everyone on the team to take a larger measure of responsibility when it comes to IoT data gathering. Education is key and without much effort, you can raise your awareness of cybersecurity and train yourself to be a defender of privacy for your organization.

Employees are understandably wary about IoT companies knowing too much about their personal health and movements, particularly if that data is collected without their knowledge or ability to opt-out. The worry is that the data will be sold to companies that will target them with advertising or stolen by individuals to be leveraged against them.

IoT devices are already playing a large role in the lives of millions across all businesses, but those the risks are most apparent in the health sector, where there is concern surrounding devices such as pacemakers and insulin regulators being hacked.

Tackling the challenges of IoT devices in the workplace

Understanding how IoT devices function in the workplace and how your employees are using them is an important step to providing the kind of online security that your employees want and expect from their employers.

IDX offers a cost-effective privacy protection plan that includes features that can allow you and your employees to be proactive by scanning for personal information and removing it from potentially harmful sources.

CyberScan

CyberScan continuously monitors all layers of the web—including the dark web, where cybercriminals buy and sell stolen identities—and notifies you immediately if your personal information appears to be compromised.

ForgetMe Scan

ForgetMe scans data broker sites and removes personal data from any that are selling your information, preventing bad actors and advertisers from purchasing data recorded from IoT devices.

To find out more about how IDX is tackling the challenge of IoT, reach out and get started today.