12 Tips for Mitigating Security Risks in IoT, BYOD-driven Enterprises

As companies increasingly adopt bring-your-own-device (BYOD) models and expand their corporate network, mitigating security risk becomes increasingly important and more challenging. 

IoT and BYOD are here to stay because they offer cost savings to companies, especially enterprises. Employees can simply log on from their at-home or mobile devices. Moreover, it’s a logistical feat to provide corporate-owned devices to every employee within an enterprise that spans multiple countries. 

The increasing popularity of BYOD means that enterprises are increasingly susceptible to cyber threats and attacks that target devices, big or small, within the IoT. Attacks can occur on major industrial equipment/controls—for example, the recent Colonial Pipeline ransomware attack—or on a cloud platform, like the most recent SolarWinds cyber attack. Surreptitious attacks can take place through minor endpoints, such as a laptop camera or malware on a USB drive. Such attacks can cost a company millions of dollars to remediate. In fact, the average cost of a data breach in 2021 among companies surveyed was $4.24 billion. The growing adoption of BYOD and today’s threat landscape necessitate a solid mobile device management (MDM) strategy to secure all endpoints.  

Also read: IoT Faces New Cyber Security Threats

On a macro-level, enterprise mobility management (EMM) denotes strategies and best practices for mitigating security risks to a company’s Enterprise of Things (EoT). EoT describes the capital, reach, resources, and scale that enterprises have at their disposal to connect physical, geographically dispersed computing machines to the internet and to one another through the enterprise network. IoT and BYOD are thus a subset of EoT. MDM likewise folds into EMM.   

Also read: 5 Steps to Securing Your Enterprise Mobile Apps

Benefits of EoT

EoT has several benefits related to efficiency, tech diversity, and data-driven decision making. It increases efficiency by reducing manual work and automating business processes as well as encourages a more diverse tech ecosystem that connects various devices through applications and platforms. IoT also generates datasets that benefit the broader EoT by proactively maintaining and monitoring the network and any industrial equipment that might be plugged into it through software platforms. 

In spite of the advantages, however, the ever-expanding EoT makes it more susceptible to cyber threats, attacks, and hacks. Below are some tips for addressing such vulnerabilities.

12 Tips for Mitigating Security Risks in IoT, BYOD-driven Enterprises

We’ve divided the following 12 tips into two groups based on what endpoint users and your company’s IT team can do in order to mitigate security breaches.

Cultivate a Security-Oriented Mindset

Your employees have a role to play in mitigating security risks. Taking the following steps lets your employees know that your company takes data protection seriously.

1. Enforce stricter password requirements and regular password changes for all employees.
2. Encourage employees to update their patches regularly.
3. Remind employees not to leave their devices unattended, even if at home, as pets and children can unintentionally gain/share access to confidential information.
4. Educate employees on malware and phishing scams.
5. If applicable, remind employees to keep personal and professional matters on separate devices.
6. Have employees update their equipment prior to or immediately upon returning to the office to avoid device decay, which is the result of failing to update security measures and remain compliant over a long period of time.

Also read: Five Tips for Managing Compliance on Enterprise Networks

Fortify Your Back-End Security Measures

7. Configure shorter timeout sessions on employee devices that access business apps and software.
8. Only allow Wi-Fi connection on secure, encrypted networks.
9. If financially and logistically feasible, get VPN licenses for every remote employee.
10. Segment your cloud and adopt a Zero Trust approach, so that employees have a set parameter within which they can access data in the cloud, especially if they’re working from their personal device.
11. Limit your attack surface by limiting the amount of data that you collect.
12. Conduct routine threat modeling by taking stock of (un)managed assets so that you can classify, prioritize, and invest in security accordingly.

Mitigating Security Risks in your EoT/IoT is Crucial

Data is an asset. It therefore behooves all companies to know what data they have, what data they’re collecting, how it’s being stored, and who has access to it. 

Taking a holistic approach to your EoT ecosystem is a waste of time and resources. Instead, assess which controls are appropriate and where to put them so that you’re investing the most in data security for top-priority areas of vulnerability. 

It would be a mistake to assume that the top-priority areas of vulnerability are the equipment and assets with the highest dollar value in your EoT and therefore are most deserving of extra security attention and investment. Cyber and operational attacks can penetrate your EoT surreptitiously through the smallest, most inexpensive devices that employees use on a daily basis.  

Read next: Best Antivirus Software for Enterprise Security 2021