Unexpected devices with potential negative impacts on a company’s security posture

0
117

Gary Allemann | Managing Director | Master Data Management | mail me |


There’s no doubt that the rise of our digital landscape has resulted in some incredible tools for businesses. These have opened global marketplaces to even small enterprises and made actionable data analysis more accessible.

Artificial Intelligence (AI) and machine learning software continue to improve data integrity and efficiency. However, it’s vital to understand that there are risks involved with so much free-flowing distribution of data. ]

Key amongst these risks is the potential for cybercrime to derail your operations and put the data of your business and customers in a vulnerable position. Maintaining a robust security posture can help you understand the primary hazards and adopt the most appropriate precautions.

No business can be 100% protected from cybercrime, and your business may not have a lot of time between a data breach and significant damage being caused. Nevertheless, vigilance and awareness are your key tools to have the most positive impact. This includes considering some of the less obvious points of data security vulnerability in your business.

Let’s take a closer look at some of the unexpected devices that could negatively impact your security posture.

Standard office equipment 

One of the hurdles in building your security posture is the potential to just look at the office with a contemporary mindset.

It’s easy to assume the only tools vulnerable to current data threats are those developed in the last decade or so, or those explicitly designed to store, share, and transmit data. However, even some of the most innocuous and common examples of office tools have the potential to present data security issues. This comes down to the propensity for an increasing amount of standard office equipment to contain storage media and other connected hardware.

Printers, scanners, and fax machines often utilise hard drives to hold the data you feed them before executing their core function. While some of these items will have short-term memory – known as volatile media – they can nonetheless contain sensitive material. Indeed, most of these devices can connect wirelessly to your company network. It’s important to make efforts to mitigate the potential breaches that can arise here.

Indeed, if your office is currently progressing toward paperless and purely digital practices, you might be considering disposing of this type of equipment. This can certainly seem like a good solution to reducing potential threats. However, it’s important to remember to arrange for effective destruction of the storage media inside these devices as well.

Wiping the hard drives or utilising professionals to securely destroy them should be part of your security posture in these circumstances.

The Internet of Things 

The Internet of Things (IoT) is gradually having a greater presence in all industries to streamline practices.

Items that are connected to the manufacturing process or handling payments may be considered some of the more obvious points of vulnerability due to their sensitive data storage and transmission. However, it’s important to understand how devices and sensors in the IoT that aren’t directly connected to business practices can also be a threat to your solid security posture.

Smart thermostats and lighting systems can both be problematic in this regard. This isn’t because the details of your company’s energy consumption might be at risk of being stolen. Rather, it is because these IoT devices can act as a form of bridge to your company network.

By breaching one of these atmospheric control devices, cybercriminals can move within the network and potentially access more secure databases. This provides opportunities to steal data, plant viruses like ransomware across the network, and potentially take control of other connected devices. Indeed, Distributed Denial of Service (DDoS) attacks are a common way to cause significant disruption via unsecured IoT items.

One of the clear issues is often the lower-priced versions of these IoT devices aren’t designed to have significant encryption software. While they might seem innocuous, it’s important not to take risks on buying items that don’t give you full control over security.

It’s also common for users to leave these items operating without passwords or to stick with the default passwords. Be as stringent with these devices as any other when handling sensitive data on your network.

Personal wearables

When it comes to maintaining a secure data security posture among workers, there’s an increasing focus on personal device use.

Bringing in smartphones and tablets from home creates an obvious potential breach issue, particularly when they’re connected to the company network. This is one of the reasons why many companies have become strict about minimising access. However, one of the issues too many companies overlook is the risk posed by employees’ wearables.

As tools like smartwatches and fitness bands have become more affordable, a greater number of your employees might be wearing them to work. Indeed, some of these items can be used to access emails, connect to productivity apps, and interact with the cloud. While this might seem like a good productivity tool, particularly when workers are on the move, these items also carry a huge amount of data. When they’re connected to company cloud platforms and email accounts, they’re also freely transporting and potentially providing criminals with access to sensitive company information too.

Encryption is available for most of these devices. Unfortunately, many people aren’t vigilant about making use of this in the same way you would with other office equipment. As such, you need to be clear on your company’s policies for personal wearables in the office. In some cases, involving IT staff in training workers on how to effectively encrypt their smart watches could be effective.

In conclusion 

With so many devices available to improve business operations, it’s important to understand the risks involved. This includes being vigilant about the less obvious devices that could present hazards.

Be aware of the storage media in printers and scanners and take the time to properly encrypt all items in the IoT.

Companies should produce clear protocols for how employees should use wearables in the workplace. By reducing the points of vulnerability, they can help keep data secure for the benefit of all stakeholders.


 



LEAVE A REPLY

Please enter your comment!
Please enter your name here