Smart devices in your office
Any device or piece of equipment in your office that is connected to the internet is called a smart device.
Smart devices in your office may include air conditioners, printers, office tools, TVs, lighting, security systems and even furniture. They can also include portable devices like USB or 'flash' keys, memory cards, smartphones, iPods and e-readers, to name a few.
All these devices save time, effort and money, helping businesses be more efficient.
The problem is devices that have internet connectivity can be exploited and provide a backdoor to your business network, if you don’t properly secure or control them.
Staying safe using smart devices
The smart device industry is booming and expected to be worth $4.7 billion in Australia alone in the next four years.
Also booming is the rate of distributed denial of service (DDoS) attacks. DDoS attacks can make devices or systems that aren’t protected work together to bring down networks. They form what is called a botnet. Attackers use easily available software to scan the internet and find devices that aren’t protected and then infect them with malicious code to form a botnet.
A botnet is a collection of devices that might include PCs, servers, mobile phones and devices connected to the internet, which are infected and remotely controlled to conduct malicious activities. Typically, the owner of the device has no way of knowing a botnet has infected their system.
The more unprotected devices available, the greater the opportunity and scale of DDoS attacks. So while your business may not experience one, your devices may be exploited and used against another network.
Unsecured smart devices can undermine all other security measures you have in place. Do not connect anything to your network that you cannot appropriately secure.
Connected devices that use a camera or microphone can even be exploited to spy on you. It’s important to be aware of the functionality of the devices on your network to ensure your business information and discussions remain only your business.
Think twice about buying second hand
Be wary of buying second hand smart devices off sites such as eBay and Gumtree. They might seem like a bargain but could pose potential risks.
When you buy a smart device from a third-party seller, it’s a lot more difficult to tell where they have come from, whether you’re getting exactly what you think you’re getting, and if it’s been tampered with since it was manufactured.
Make sure it has the latest firmware, downloaded from the manufacturer’s website or app.
Secure smart devices in your office
- Whenever possible, change any default passwords on the device to a secure and private password. If unsure, look up how to change the device settings on the manufacturer’s official website or contact their customer service centre. If the device cannot be secured, reconsider its use and access to your network. Learn how to create and remember strong passwords.
- Make sure your business network is properly secured. Learn how to protect your network.
- Understand how data is stored and shared, and consider the risk it may present to your privacy. For example, many devices relay constant data to the manufacturer for pattern analysis or store information on a cloud service. This is usually detailed in the terms and conditions of use.
- Ensure software updates are set to apply automatically on your device. Learn about updates.
- Follow all instructions when installing and configuring the settings for the device.
Learn more about portable devices, why it is important to manage their usage and how to keep the data on them secure, with the ACSC's Quick Wins for Your Portable Devices.