Skip to Main Content

Back to all Resources

IoT Security and the Importance of Employee Buy-in

Syed Zaeem Hosain, Chief Technology Officer and Founder, Aeris Communications

A Verified Market Research study from earlier this year estimated the cellular IoT market to be valued at $4.30 billion, and is projected to reach $29.8 billion by 2030.  With the proliferation of IoT devices, enterprises need to know how to detect and respond to IoT security challenges and threats wisely. For an organization utilizing IoT, securing IoT devices is often ignored, and their significance in an organization’s IT infrastructure is rarely considered. However, by not addressing the threats, an organization’s IoT infrastructure, which in itself is a wide attack surface, can be exposed to serious disruption through cyberattacks. Unfortunately, it’s typically an employee that unknowingly pulls the trigger when it comes to cyberattacks, by clicking on an email and launching a phishing scam.

When the majority of workers operate out of a physical location, there are generally robust security procedures in place. It’s not always possible—or practical—to implement these when employees are working remotely. In addition, the WFH model introduces its own security concerns, ranging from weak passwords on personal computers, poorly secured wi-fi, or the family’s Alexa passing along malware.

Employees may practice a good understanding of security best practices in the office, but it’s not unusual for them to be much less vigilant at home. Companies with remote staff must educate them on home network risks, including the fact that many household products like smart TVs or even baby monitors can introduce numerous security vulnerabilities. In addition, there is always the possibility that children or spouses could unintentionally download malware on the home network. It’s important that employees use their virtual private network (VPN) to access any files or systems, on corporate servers, for example, when they are not physically working in the office.

So, what steps can IT departments and employees take to address these threats? Some precautionary steps include the following:

  • Carefully vet collaboration tools before connecting them to help mitigate security vulnerabilities.
  • Do not reuse or share passwords and understand the implications of the risk associated with doing so.
  • Deploy technology that automates the detection and prevention of compromised credentials.
  • Be aware of remote-specific phishing scams such as Skype, Slack, and Zoom, which have all become popular phishing traps.
  • Discuss email phishing with other family members—ideally with specific training—to avoid issues that may impact everybody.

Another concern to be mindful of is the vulnerabilities that arise when employees look for workarounds—something that is increasingly common with remote or hybrid working models. Examples of workarounds include emailing confidential data to personal accounts or copying the information to local USB storage in the interest of convenience. Regardless of how a company chooses to address the workaround vulnerability, it’s important that it also monitors for this activity and continues to educate employees on this type of threat.

The security concerns associated with connecting a wide array of IoT devices and smart products will continue to grow as more companies embrace the remote model as a standard. According to the hiring habits of over 1,000 hiring managers within the United States, predictions indicate that 22%, almost one in four, of the American workforce will be remote by 2025. That hypothesis indicates that nearly 36.2 million Americans should plan to work remotely. That’s an 87% increase from pre-pandemic predictions (Upwork research).

Companies need to educate employees on digital best practices and provide additional guidance on corporate security standards to be equipped with knowledge to deter would-be hackers and protect their business.

In addition, as the enterprise business grows and scales, and more devices are connected, the security solution needs to adapt, scale, and be flexible. Partnering with a global IoT solution provider also helps to get IoT security right from the start. In addition, a combination of an embedded IoT security solution within a global connectivity solution provides additional flexibility and integration for enterprises.

According to IBM, the average security breach can cost up to $4.2 million, and breaches identified within 30 days, on average, incur a savings of over $1 million of the total cost of the security breach expense.  By employing an IoT solutions provider, such as Aeris, organizations can significantly reduce the cost of security breaches by having access to unprecedented visibility into proactive and deep security insights on their IoT applications and devices. With an expert IoT solutions provider, organizations can obtain the tools to help them detect and prevent potential security breaches and reduce the corresponding response time from months to minutes.

Sign up for the latest on IoT intelligence