While Internet of Things (IoT) devices are designed to make our lives more convenient and connected, they have done just that for cyber criminals as well. IoT devices are increasingly vulnerable to hackers who use consumers’ identities to gain access to their data as well as their employer’s data. For example, in 2018, an unauthorized party acquired data through the MyFitnessPal fitness tracker, exposing personally identifiable information of more than 150 million users. A separate breach at Anthem, exposing 78 million customers’ personal information, occurred when hackers broke into their servers as a result of human error/employee negligence from a targeted phishing attack.
These are just two examples of how cybercriminals are exploiting the interconnectedness of your customers' and employees' personal and work devices/networks to gain access to — and steal — sensitive business and customer data.
As we highlighted early on in our Cybersecurity Awareness Month (CSAM) blog series, access to business and customer data can wreak havoc on business operations including lost time, decreased productivity and morale, and significant remediation expenses. Remember, Iris® Identity & Cyber Protection’s ROI calculator can show you just how much you could save by offering comprehensive identity protection to your employees.
All this is to say, don’t be scared – be prepared! Here are three tips and tricks you can use to protect your business and customers:
Limit/Reduce Exposure of Your Data to Cyber Ghouls. First and foremost, follow best practices around limiting access to your networks. Keep in mind that your work networks may now be accessed from virtually anywhere, so be sure to have a clear sense of who can access what and when. Secondly, reduce storage of customer data on individual work machines and limit who has access to that data. Just like HR is one of the few departments that has a view into personal employee information, customer data should be shared only with employees who have a business need. Remember, if you collect it, you must protect it. Be sure to follow the Federal Trade Commission’s (FTC) Disposal Rule and only collect what you truly need and dispose of the data you don’t.
Enable Protection to Restrict Access of Cyber Villains. According to the 2020 Verizon Mobile Security Index Report, 39% of companies reported having experienced a security compromise involving mobile/IoT devices during the past year and 66% of those indicated the impact was major due to downtime, loss of data, damage to reputation, regulatory penalties, etc. With more people continuing to work from home, you cannot rely on consumers – or your employees – to invest in the same level of protection that you would “in” the office. Cyber villains know this too. So, now, more than ever, businesses should invest in online data protection software that includes not just anti-virus and anti-malware, but also anti-ransomware, anti-phishing, and anti-spyware software to protect your organization’s IoT devices, employees, and customer data. Additionally, make sure you require multifactor authentication for your devices and services, and strong web filtering technology to identify and/or block and report suspicious activity.
Create/Set-up Systems and Processes to Empower Your Cyber Jedi. The interconnectedness of our use of personal and work devices to access networks is putting consumers and businesses at increased risk. While it may be easier to assign “fault” for not having a strong, unique password for email, we have to remember that cyber criminals are not just focused on accessing your customers’ or employees’ email accounts; IoT devices such as smart watches, speakers, and security systems all provide entryways for cyber criminals to exploit. According to Cofense’s 2019 Malware and Phishing Threats Review, 74% of phishing attempts are credential attacks seeking access to your business.
As criminals employ more sophisticated tools, your business should provide tools for your employees to be able to protect themselves and your customers through established policies, including the frequency with which they are required to update software and IoT device passwords. Remind your customers and employees of simple but critical steps such as locking devices, setting up multifactor authentication, updating software, and perhaps most importantly, not just clicking “next,” “accept,” or “dismiss” on notifications or software updates without doing due diligence to understand what is being asked of them and how their data is being used. Additionally, ongoing training for employees on security info management & cybersecurity threats (e.g., phishing, ransomware, malware) is a must.
More than anything, businesses and their employees and customers need to understand the risks IoT devices carry, as well as how to spot and report suspicious activity. We’re all vulnerable, so all of us – your business, employees, and customers – have a shared responsibility to #BeCyberSmart.
Thanks for tuning in to our weekly CSAM blog series! Looking for even more #BeCyberSmart tips & tricks that you can implement in your business beyond Cybersecurity Awareness Month? Follow us on Twitter, LinkedIn, and Facebook, and check out our other 2020 CSAM blogs!