Protecting Small Business Networks in the Age of IoT

The productivity boost and increased workplace happiness of employees able to work from home have been well-documented. Approximately 4 million Americans are now working from home full-time and the benefits are being realized on the side of employers and employees.

Think about all the time an average employee spends throughout the work week on non-critical tasks – talking around the break room, pointless meetings, or having to put up with loud colleagues. It’s easy to see a scenario where eliminating these distractions would leave more time for real, productive work during the day.

From the administrative side, the decrease in overhead represents real and immediate savings for business owners. Major examples of this are a single internet search away: Aetna, a health insurance company, was able to shed 2.7 million square feet of office space by offering telecommuting programs and saved $78 million in the process, and American Express reported savings of $10-$15 million by increasing its remote work options.

Why are we bringing this up today?

Well, like with many things related to business technology, executives fall into the trap of thinking that these changes are a “one-and-done” kind of scenario. In fact, these require constant attention in order to maintain their full effectiveness. We live in a world where access to networks is just a click away, but the rise in accessibility has also increased the possibility that networks can be compromised.

Telecommuting programs are great, but only if they’re functional and not compromised by hackers. We’re “connected” in a way we’ve never been before, but staying on top of the security of a cloud network can be a full-time responsibility.

Today, we’ll discuss some of the concerns business owners should have about the security of their cloud network, and how you can provide stronger security for your employees moving forward!

Who’s Signing into The Network?

Let’s assume a small business with 15 employees installs a cloud network in order to achieve the goals described above. How does the IT manager, or the CIO effectively monitor who is using the network?

Many organizations rely on a single sign-on (SSO) requirement for users to access the network, but this method is incredibly easy for bad actors to bypass. Combine this with the fact that the biggest security threat to any business is the employees themselves, and it paints a grim picture.

Cryptojacking is one of the latest trends that hackers are using to benefit from the spike in Infrastructure-as-a-Service (IaaS). You might have heard of cryptocurrency; in cryptojacking, hackers infiltrate cloud networks and appropriate the computing power of several devices to mine for cryptocurrency without consent.

Cryptojacking is just one of the tools bad actors will use to make money at the expense of unsuspecting network administrators.

Fortunately, there are tools businesses can leverage that will help keep their networks secure and free from criminals attempting to exploit weak security.

Firewalls

Firewall software can help keep your information and the outside world separate. In addition, a firewall can be configured to alert the administrator of attempts to access the network from an unauthorized source. Most machines come with firewall software installed already, but networking firewalls provide advanced protection for businesses with multiple users.

Strong Password Stewardship

While setting up for a morning of work at a coffee shop can be an awesome way to get an employee a change of scenery, thinking these locations are immune from hacker-intrusion is foolhardy.

An unattended computer, tablet or mobile phone is a potential source of wealth for a bad actor – we recommend requiring strong passwords and passcode locks on mobile devices.

Bonus Hint: Password requirements (8 characters in length, containing lowercase and uppercase letters, symbols and at least one number) can be enforced manually by a network administrator. This might inconvenience those employees who use the password, “password” for everything, but the enhanced security overshadows any minor inconvenience.

Multifactor Authentication (MFA)

An upgrade over the single sign-on method is leveraging multifactor authentication in order to access the cloud network. MFA combines two or more independent credentials in order to create an additional layer of defense for the network.

Selecting the appropriate credentials to use for MFA will depend on the type of business. A common MFA scenario is downloading a VPN client with a digital certificate before being allowed access to a network. A physical access card with a rotating PIN can also be effective. Some companies use a USB hardware token that creates a single-use password that must be used in order to log into a VPN network.

The IoT Threat

IoT isn’t an acronym for the Internet of Threats, but cybersecurity experts are expecting more growing pains as the usage of Internet of Things (IoT) devices grows into 2019 and beyond.

While IoT devices purport to create a better quality of life, they’re typically made with a low-cost, high-volume mindset, which means hardware tends to be cheap, infrequently updated and vulnerable to exploits.

Kaspersky Labs reported an estimate that 20 billion IoT devices could exist by 2020 – but currently, there are few IoT security standards that companies are required to adhere to.

So what’s the big deal if that Coke machine in the break room starts to go haywire and spit out free sodas? Well, the insecure nature of the Internet makes IoT devices the source of high-profile events in which they are used as nodes for wider attacks. The Mirai malware in 2016 is a great example of this, highlighted by Security Boulevard:

The most infamous attack to date was the Mirai malware that hit networked devices running Linux operating systems in 2016. Mirai targeted online consumer IoT devices such as home routers and Internet-connected cameras. On September 20, 2016, the Mirai malware was used in the largest ever Distributed Denial of Service (DDoS) attack, targeting French cloud computing site OVH and, later in the same year, United States DNS provider Dyn.

While an SMB can’t control the factors that go into the manufacturing of IoT devices, the IT department can still take actions to mitigate IoT risk within the organization. A centralized network security solution is a smart bet, since it is relatively agnostic to the individual devices and endpoints on the network.

Update, Backup and Move Forward

Software like the Adobe suite, QuickTime and Flash often receives updates. If a business is not currently leveraging automated backup, there’s a strong chance there is some glaring vulnerability just waiting to be exploited by a hacker.

In our experience, it’s not always prudent to count on employees to perform these updates. Managed IT support packages, like the type offered by our team, can close this gap.

Automated update scheduling and automated data backup protect businesses from bad actors and human error. Part of any disaster recovery plan that includes regular, automated data backup will help ensure things can get back to normal more quickly in the event of a worst-case scenario.

For many small businesses, outsourced solutions are more cost-effective and have a lower barrier to entry than hiring in-house resources. But if you’re interested in learning more about network security before giving us a call, check out the informational resources we have on the website.

We’ll leave you with one bit of advice about securing your network from BYOD-related events, taken from “The 7 Most Critical IT Security Protections Every Business Must Have,” the whitepaper we offer for free:

One of the fastest ways cybercriminals access networks is by duping unsuspecting users to willfully download malicious software by embedding it within downloadable files, games or other “innocent”-looking apps. But here’s the rub: Most employees won’t want you monitoring and policing their personal devices; nor will they like that you’ll wipe their device of all files if it’s lost or stolen. But that’s exactly what you’ll need to do to protect your company. Our suggestion is that you only allow employees to access work-related files, cloud applications and e-mail via company-owned and monitored devices, and never allow employees to access these items on personal devices or public Wi-Fi.