Securing Data Over IoT Devices
by Raymund Taylun, Senior Security Advisor
30 October 2020
COVID-19 has changed many organisations’ way of working. It has moved users from physical offices to a virtual, remote working world, thus forcing some organisations to operate with limited workforces and reduced manpower. As more users access their corporate networks remotely, the attack surface on IoT devices increases, especially if organisations lack visibility and control over the devices connecting from various locations.
Regardless of whether an organisation is a small or medium sized enterprise, from the moment a user is given access to emails or other applications that have access to internal assets, proper security controls must be in place. Unfortunately, many organisations disregard deploying controls over IoT devices that belong to their privileged users or VIPs.
Having no centralised visibility or control over what data is being accessed and who is accessing it increases cyber risk and makes an organisation an easy target for cyber criminals. Protection of IoT devices, and the data within them, must be looked at and assessed by IT security teams. In order to do this, regular cyber security assessments should be carried out to ensure IoT devices have the right set of security controls to prevent security threats and spot unsecured devices that are accessing the organisation’s network.
It’s important to keep in mind that cyber security assessment results will only represent a snapshot of how your current security controls are protecting you from potential threats. The threat landscape is always changing, and this means IoT devices need to be continually reassessed to identify the appropriate security controls required to keep security risks at a low level.
Many organisations are still coping with an accelerated digital transformation to support secure remote working. Whether they are doing this shift as a short-term or long-term transformation, having complete visibility and control must be prioritised. Without a proper cyber risk assessment, the attack surface for cyber criminals can be overlooked and may result in financial or reputational loss.