The security risks of SMBs utilizing consumer-grade IoT products

July 29, 2020Homefield IT

Cloud ServicesIT Consulting & StrategySecurityTech Support & Managed IT ServicesTelecommunicationsConstructionEducationFinanceHealthcareLegalReal Estate

The Internet of Things (IoT) represents a massive opportunity for businesses of all sizes – it’s not just big enterprises that can make use of this network of sensors and devices. Small-to-mid size businesses (SMBs) can, and should, get in on the action of IoT devices, which includes virtual assistants, smart locks, security cameras, thermostats, etc. However, any SMB that incorporates IoT must also spend a considerable time on security measures since these networks are full of valuable and sensitive data that hackers want to get their hands on.

Consumer vs. professional grade IoT products

According to Hewlett Packard, 70 percent of the most commonly used consumer IoT devices contain vulnerabilities. On the surface, many smart home and business products look the same – identical mechanical design, similar capacity, and matching form factor. Despite the similar physical appearance, there are usually significant differences between professional and consumer-grade products when it comes to security.

While SMBs may be trying to be fiscally responsible and buy less expensive consumer products, there is a reason why these products cost less, and it’s important not to purchase and implement them. Anything that’s connected to the internet has the potential to be hacked and misused; this becomes especially unsettling, considering the amount of personal data IoT devices collect and use.

Many professional-grade products have a consumer-grade equivalent, but there’s a reason why the professional-grade is expensive and the one that well-developed companies go for. Consumer products don’t meet industry standards and therefore, won’t safeguard your organization. Any IoT device that is being installed should be meeting far more demanding cybersecurity requirements before being approved for use, including on-going support like driver and firmware updates.

Security systems

Physical security systems such as cameras can be a back door into IT networks, making them a prime security risk to an SMB. A series of security vulnerabilities in a range of popular smart cameras (Ring, Nest, etc.) leaves these products vulnerable to hackers, who can exploit them to conduct surveillance and compromise other parts of the network the device is connected to. The fault in the design of these consumer-grade CCTV products is especially appealing to hackers because it provides an easy entry point for attacks.

For network-attached equipment, there are several suitable choices for managing security that is considered professional/enterprise-grade equipment.

• Physical security like CCTV and BAS/BMS from Honeywell
• CCTV from Cisco Meraki
• CCTV from Ubiquiti
• Advanced security options from your network/router OEM

Software

Consumer-grade software is not built to secure business setups and networks. It is generally designed to protect one or a handful of devices. SMBs using consumer-grade software may be opening up an avenue for attacks. One example of this is using office products like Open Office as opposed to Microsoft Office. While Microsoft Office is the more costly option, it’s the smarter choice because Open Office doesn’t get patched regularly. Security also isn’t as strong because Open Office isn’t relying on it for revenue. On the contrary, Microsoft has more of a responsibility to customers to keep data secure.

Open-source tools let users know about potential security issues. On the other hand, Microsoft keeps any issues secret to prevent hackers from finding out about them. While Microsoft Office is the more secure choice, be sure to still follow standard security procedures. Install updates and patches as soon as they are released and also maintain firewalls, antivirus, and anti-spyware software.

Wi-Fi

SMBs can’t afford to compromise the security and reliability of their Wi-Fi networks. Consumer-grade Wi-Fi solutions just won’t cut it. It’s critical to implement a wireless solution that is made for the security strains that SMBs experience.

Too often, businesses offer guests access to the same stream that carries internal data. This is a risky move considering it can compromise customer’s financial data or personal employee information. Wi-Fi segmentation allows you to keep your guests and employees on two separate paths, creating a more secure network environment.

Many SMBs may question whether or not they can afford to switch from a low-cost Wi-Fi solution to a higher cost solution. The answer is simple. It’s absolutely worth it to pay the premium cost to avoid any security breaches that would, in return, destroy your business. Options for this include network equipment from Cisco Meraki or Ubiquiti.

It’s even more imperative now to ensure your Wi-Fi equipment is still supported by the manufacturer as a critical security hole was just demonstrated by the cybersecurity firm ESET at the RSA Conference in February 2020. This bug, given the moniker Kr00k, allows for bypassing encryption that had been their guild standard for years. An update resolves this bug, but there’s no guarantee that the manufacturer will release patches for their low-end hardware.

Takeaway

IoT implementation in the enterprise isn’t slowing down, and new consumer-grade products will continue to be introduced to businesses. While professional-grade products may be more expensive, they are better equipped to handle the security threats facing SMBs. Invest in the proper technologies from the start to avoid cyber threats that could have damaging effects on your business.