How many connected devices have you added to your household since March 2020? Be sure to count fitness trackers, speakers, gaming machines and even your Tesla, if there’s one in your driveway. Were you one of the many people who waited months for a Peloton? Don’t overlook your new bike. Now add in all your voice-based assistants, such as Google Home and Alexa. One more thing: don’t forget to check in your kids’ rooms. These might make a difference to your employer’s IoT security.

During the pandemic, many people purchased new connected devices for their personal entertainment and to make daily life easier. Ordr’s report, Rise of the Machines 2021: State of Connected Devices IT, IoT, IoMT and OT, found that there were two times more personal devices this year than in 2020.

IoT Security From Home to Work

Those devices have an impact on cybersecurity. Yes, most companies have a policy that employees aren’t supposed to connect personal internet of things (IoT) devices to the work network. But that doesn’t stop everyone. The Ordr report discovered that many businesses have unauthorized personal devices connected to their network (referred to as shadow devices) at any given time. This isn’t referring to legitimate bring your own device (BYOD) cases, like using your personal phone for work, but instead devices connected to the internet without a business purpose. (BYOD security should also be on your mind, but it’s not exactly the same as these unintended connections.)

Infoblox found that one-third of companies in the U.S., UK and Germany have more than 1,000 shadow devices connected to their network on a typical day. In addition, 12% of UK organizations report having more than 10,000 shadow devices on any given day.

What makes someone decide to connect their Peloton to their work network? And why don’t organizations actively police this? It’s hard to know for sure. Work and home have blurred in the pandemic, which has continued for almost two years. It follows that some of the connections that put IoT security at risk are mistakes. Others are likely on purpose. For example, people might want the advantage of higher performance and network speed. I mean, who wants a frozen screen during a workout?

Enterprise Network Performance and Security

How does this situation impact the IoT security of the enterprise network? Not surprisingly, the increase in devices requires more bandwidth, which affects network performance. This also compounds the existing problem of Zoom meetings taking up more bandwidth and causing network issues. The result is slower response times and lags in applications. A few seconds here and 10 seconds there seem small. However, across thousands of employees throughout the day, that time quickly adds up to significant productivity loss. In addition, employees who feel they don’t have the tools to do their job properly, such as a reliable and fast network, are likely to be less satisfied and engaged in their jobs or with their employers.

Personal devices connected to enterprise networks do create security risks. How, exactly? While organizations focus on IoT security for business-related connected devices, they don’t take the same precautions with personal devices. After all, in most cases, they don’t even realize the devices are connected to the network.

The Infoblox report details the security issues caused by shadow devices, including data infiltration, direct denial of service, botnet armies and ransomware. While each type of attack is a bit different, all have a common theme. The attacks start by breaking into a poorly secured IoT device. Most IoT devices designed for personal use do not meet enterprise security requirements. In other cases, the user does not correctly configure and secure the device.

Is the increase in cyberattacks since the pandemic began related to shadow devices? Maybe, but it’s hard to say.

How to Mitigate Overload and Risk

Most organizations already have a policy forbidding personal devices on the corporate network. Now, businesses need to enforce those existing policies. If you don’t have a specific IoT security policy, now is the perfect time to write and roll one out. The issue of shadow devices will only grow into a bigger problem from here.

Communicate the new policy, or remind employees about the existing policy. That way, people can (hopefully) voluntarily disconnect their shadow devices from the network. Be sure to include specific types of devices. In addition, request that everyone check all connected devices in their home to make sure none are connected by mistake. You can increase compliance and reduce support calls by including directions for how to check the connectivity of common devices.

Once everyone is aware of the policy, the next step is to gain visibility of all devices connected to the network. Many organizations use an on-premises IP address management system (IPAM) to help with this task. Once you’re aware of all connected devices, you can determine which employees still have unauthorized devices connected to the network. You may need to check IP addresses. Then, you can get in touch directly with those employees to remove those devices.
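One way to do the comparison described above, shown as an added example that is not part of the original article: it checks a DHCP/IPAM lease export against the asset inventory and lists devices on corporate subnets that the inventory does not know. The CSV column names, the subnet range and all sample rows are constructed assumptions; the MAC addresses come from the documentation range 00-00-5E-00-53-xx, except for one constructed randomized address.

```python
import csv
import io
import ipaddress
import re

# Constructed sample data (not from the article): an IPAM/DHCP lease export
# and the MAC addresses recorded in the asset inventory.
LEASES_CSV = """ip,mac,hostname,switch_port
10.20.4.17,00-00-5E-00-53-01,LT-FIN-0231,sw3/12
10.20.4.58,0000.5e00.5302,PRN-FL2,sw3/14
10.20.4.91,00:00:5E:00:53:A0,living-room-speaker,sw3/12
10.20.5.12,DA:A1:19:00:00:07,,sw4/02
192.168.50.8,00:00:5E:00:53:B0,guest-tablet,ap-guest
"""
AUTHORIZED_MACS = ["00:00:5e:00:53:01", "00:00:5E:00:53:02"]
CORPORATE_NETS = ["10.20.0.0/16"]  # assumed corporate range; guest Wi-Fi is outside it

def normalize_mac(mac):
    """Reduce colon, dash and dotted notations to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def is_randomized(mac):
    """Locally administered bit set: a private/randomized MAC, never in inventory."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def find_shadow_devices(leases_csv, authorized_macs, corporate_nets):
    """Return leases on corporate subnets whose MAC is not in the inventory."""
    known = {normalize_mac(m) for m in authorized_macs}
    nets = [ipaddress.ip_network(n) for n in corporate_nets]
    shadow = []
    for row in csv.DictReader(io.StringIO(leases_csv)):
        ip = ipaddress.ip_address(row["ip"])
        if not any(ip in net for net in nets):
            continue  # guest or other segment, out of scope for this policy
        if normalize_mac(row["mac"]) in known:
            continue  # authorized device, whatever notation the export used
        row["randomized_mac"] = is_randomized(row["mac"])
        shadow.append(row)
    return shadow

if __name__ == "__main__":
    for d in find_shadow_devices(LEASES_CSV, AUTHORIZED_MACS, CORPORATE_NETS):
        print(d["ip"], d["mac"], d["hostname"] or "(no hostname)", d["switch_port"],
              "randomized MAC" if d["randomized_mac"] else "")
```

Devices flagged with a randomized MAC cannot be matched to an inventory by address alone, so the switch port or access point in the lease record is the practical way to find their owner.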

Make IoT Security a New Year’s Resolution

By continuing to monitor all connected devices and following up on shadow devices, you can improve your network’s performance and security. However, addressing shadow devices is not a one-time event. You will need to monitor continuously and follow up regularly on personal devices connected to the network. Many people get new connected devices for the holidays. So, consider sending out another communication when employees return to work the next year. You should then also closely monitor devices during the first few weeks in January. That way, you can make sure all employees followed the directions you provided.

It’s unlikely you will be able to remove all shadow devices from your network. However, all organizations can significantly reduce the risk and impact through education, monitoring and follow-up.

