Smart Devices are making their way from homes into the workplace. Universities and corporations have already had to make rules and restrictions early on, because those devices are more ‘open’ to the network and interaction.
As a small-to-medium sized business you might find some products very attractive; connected thermostats you can remotely control and monitor for instance. But, even inside your workplace network, they could be a source of problems. Here are a few steps you can take to help minimize risks.
Many of these devices connect wirelessly, which is a great convenience since many locations will not have an ethernet cable close. But you want to make sure you create a separate, segregated wireless network (SSID) for those devices. Segregating them from the rest of your network and your more sensitive data. And make sure not to share that password with anyone. By not giving out the password nobody can inadvertently connect their laptop/phone to that network.
For larger companies which have access to professional I.T. support, further segmentation through switches and routers can easily be achieved. They often don’t need much bandwidth either, so meter them accordingly just in case.
We all cringe when the topic of passwords comes up in a conversation like this, because we all know we have been (or are) lax in in following the sound advice we repetitively hear.
When creating passwords for our connected devices (and wireless networks) it would be best not to reuse or recycle passwords.
Create a whole new set for these devices, that belong to them alone. At one time it was thought that a password of reasonable length (8-12 characters) with symbols/numbers/Caps was very good. Now we know that a password that is more of a phrase, or a memorable list of common words put together, has all the good qualities of the non-memorable complex password… and is far easier to recall.
On a final note: you MUST change the factory default password. Not changing is practically an open invitation for access.
Whether you develop your own password, or let a random generator give you something good, using a Password Manager can really simplify the process of accessing your device when you need to. There are a handful of paid and open-source managers in wide use which are very secure. Sure, some have had issues in the past, but they get patched when found. They are still better than keeping your passwords on a scrap of paper under your keyboard, in your desk drawer, written on the underside of your mouse, etc.
**Keeping Software/Firmware Up-To-Date**
This may be the most often overlooked practice for any and all devices at your company. Printers seem to work just fine with years-old firmware. Wireless access points often do too. Your switches never seem to drop a packet since they were installed 5 years ago. The BIOS for your computer…”wait, what exactly is the BIOS?”, you ask. “Doesn’t Windows update that?”
The list goes on. And even then, since devices need a reboot after the update, there never seems an easy time to do it and not interfere with workers and the network.
Set a reminder in your calendar to check on these periodically. How often?
I’d recommend that for these newer connected devices, checking every 3 months would be a good idea. Likely there will be several updates in the first year since they are new to the market, and many may revolve around security as well as features. Switches and printers can be less often due to their long history of production. Save the links to the respective support sites so you can easily get back there with only a click. The easier you make it on yourself the first time will help you keep on top of it in the months to come. Same advice goes for your mobile phones. When the app notifies you of an update, do it right then. We all forget to go back an hour later when we tell ourselves it’ll be more convenient.
In closing I might offer that that best intentions don’t translate to best practices. Intending to do something just doesn’t get the job done in the end.