Are There Surprises Hidden on Your Network?
Do you know every device connected to your network? Are you 100% sure? There are almost certainly more than you realise and any one of these could create a risk for your business.
It’s time to go on a treasure hunt. Your challenge is to search out ALL the devices that are linked in some way to your company network. Look everywhere: do colleagues connect their phones to your internet? Is the TV in your meeting room a smart TV? Is the speaker on your desk connected to your computer via a USB cable? Do staff access email from a personal tablet?
Create a map of all these devices: we can almost guarantee that you’ll uncover points where your business is vulnerable to a cyber-attack.
Treasure hunt complete? Now that you’ve found all those hidden devices, read on to discover what you can do to make the most of the important functions that these can offer, without putting your data and company security at risk.
A Very Modern Risk
Businesses today use a wide array of technology ranging from traditional IT devices such as PCs, printers and servers to phones, tablets, and smart devices. It is common for employees and visitors to connect their own devices to a work network so that they can access the internet or use specific services such as media or productivity tools. Increasingly, appliances and pieces of machinery are also connected to the internet and then controlled or monitored from phones and tablets.
Why does this matter? While these devices have the potential to increase productivity, every connected device creates potential vulnerability. Cyber-criminals exploit these devices by using them as routes for ransomware or malware that could infect all the computers and servers on your network, or even allow your sensitive company data to be stolen. You need to have a clear picture of what devices are connected to your network. You then need to have policies and controls in place to manage these devices. Together, these steps will significantly reduce the likelihood and impact of falling victim to cyber-criminals.
What is a network?
A local area network is comprised of cables, switches and wireless access points that work together to connect devices in the same physical location such as an office or factory. Networks vary significantly in size, ranging from a home network supporting a handful of people and their devices, to an enterprise network supporting thousands of users and servers.
The first step is to understand what exactly is connected to your network: you might be surprised to find how many devices are out there.
Be on the lookout for…
- Legacy devices that are running unsupported software
- Employee and visitor-owned phones, tablets, and laptops
- Smart speakers such as Amazon Echo
- Smart appliances such as TVs
- Security cameras
- Wireless access points that haven’t been installed by the person responsible for the network
- Building automation such as HVAC, lighting, and access control
- Industrial automation such as machines with programmable logic controllers.
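One way to turn the treasure hunt into a repeatable check is to compare what a gateway or server actually sees on the network with your asset register. The sketch below is an added example, not part of the original article; the register entries, the MAC and IP addresses and the sample text (in the style of Linux `ip neigh` output) are all constructed.

```python
import re

# Constructed asset register, as it might be exported from a spreadsheet
# (mixed MAC notations on purpose).
ASSET_REGISTER = {
    "00:11:22:33:44:55": "Finance PC",
    "00-11-22-33-44-66": "Office printer",
    "0011.2233.4477": "Meeting room TV",
}

# Constructed sample in the style of Linux `ip neigh` output.
SAMPLE_NEIGH = """\
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:66 STALE
192.168.1.57 dev eth0 lladdr da:a1:19:5c:3e:01 REACHABLE
192.168.1.80 dev eth0 lladdr 00:aa:bb:cc:dd:ee STALE
192.168.1.99 dev eth0  FAILED
"""

MAC_RE = re.compile(r"lladdr\s+([0-9A-Fa-f:]{17})")

def normalise(mac):
    """Reduce any common MAC notation to lower-case aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomised(mac):
    """Locally administered bit set: often a phone or tablet using a
    private (randomised) address, i.e. a likely personal device."""
    return bool(int(mac[:2], 16) & 0x02)

def reconcile(neigh_text, register):
    """Return (unknown devices seen on the network, registered devices not seen)."""
    known = {normalise(mac): name for mac, name in register.items()}
    seen = {}
    for line in neigh_text.splitlines():
        match = MAC_RE.search(line)
        if match:  # entries without a MAC (e.g. FAILED) are skipped
            seen[normalise(match.group(1))] = line.split()[0]
    unknown = {mac: {"ip": ip, "randomised": is_randomised(mac)}
               for mac, ip in seen.items() if mac not in known}
    missing = sorted(name for mac, name in known.items() if mac not in seen)
    return unknown, missing

if __name__ == "__main__":
    unknown, missing = reconcile(SAMPLE_NEIGH, ASSET_REGISTER)
    for mac, info in unknown.items():
        print("UNREGISTERED", mac, info)
    print("Registered but not seen:", missing)
```

A neighbour table only shows devices that have recently talked to the machine you run it on, so a single snapshot will miss devices that are idle or sit on another network segment.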
What’s the Risk?
Are you wondering how these devices can pose a risk to your business if they just connect to the internet?
There are two main areas of risk. Firstly, a device that can be remotely accessed via the internet can be used by a third-party or cyber-criminal as a route into your network. Secondly, if someone connects a device that has been infected with malware to your company’s network, then this malware can spread and compromise your desktops, laptops and servers.
Think No-one Would be Interested in Hacking You? Think Again
Whilst some high-profile businesses and organisations undoubtedly attract more attention than others, no-one is immune from falling victim to cyber criminals. Hackers use automated processes that scan millions of devices on the internet looking for known vulnerabilities. When they find one they’ll strike – regardless of who owns the device. Something as simple as a Smart TV or Security Camera could be a stepping-stone for cyber criminals to access sensitive business data stored on your IT systems.
Once you have a good understanding of the devices connected to your network, follow our four-step process to reduce your risk.
Step One: Assessment
Consider the role each device plays in your organisation:
- What connectivity does it have with other devices on the network? Does it even need to be connected to your company’s network?
Disconnecting the device from the network might be the easiest way to eliminate the risk.
- What steps can you take to minimise the possibility of the device becoming an unwanted route into your company’s network?
Simple steps like changing the default username and password can go a long way to reducing risk.
- Is the device the most appropriate solution?
Necessity is the mother of invention. If your users don’t have the tools they need to do their job, they’ll often find creative ways to solve problems and make life easier. Sometimes this can have risky consequences. Talk to colleagues about what they really need and work together on solutions.
Step Two: Have a Policy and Train Users
A written policy is a great way to ensure everyone understands what can be connected to the network. The policy should describe the minimum standards for networked devices and include key elements such as requirements for anti-virus software, staying current with the latest software updates and changing default passwords. It may be helpful to create a separate policy for employees/visitors bringing their own devices (BYOD) and other non-IT “smart” devices that are owned by the company.
Remember to explain the risks of connecting unauthorised devices and to educate your employees, contractors and visitors about what is and isn’t allowed. If you have a separate network for guests to connect their own devices, don’t forget to let people know it’s there – otherwise they may try to use your internal IT network.
Step Three: Segregate your network into zones
Devices on your network will have differing connectivity requirements. Some will need to access company owned resources such as printers and servers, whereas others will only need access to the internet. Creating multiple network zones is a great way to protect your network and sensitive data on your IT systems. You can group similar devices together and limit access between each zone using a firewall. This way, if a device in one network zone is compromised, it is unlikely that other zones will be affected.
Here are suggestions for grouping devices with similar needs into zones:
- IT Zone – Company owned IT devices such as PCs, printers and servers
- Operational Technology Zone – Manufacturing and building automation systems
- IOT Zone – Smart TVs, speakers and other standalone internet-connected devices
- Guest Zone – Employee and visitor owned devices such as phones, laptops, and tablets
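The zone model above can be written down as a default-deny policy and tested before it goes anywhere near a firewall. This is an added example, not part of the original article; the subnets, the allowed flows and the sample traffic are constructed assumptions.

```python
import ipaddress

# Assumed addressing plan: one subnet per zone named in the article.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/24"),
    "OT": ipaddress.ip_network("10.20.0.0/24"),
    "IOT": ipaddress.ip_network("10.30.0.0/24"),
    "GUEST": ipaddress.ip_network("10.40.0.0/24"),
}
SITE = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Explicitly permitted (source zone, destination zone, destination port).
# Anything that crosses a zone boundary and is not listed here is denied.
ALLOW = {
    ("IT", "INTERNET", 443),
    ("IOT", "INTERNET", 443),
    ("GUEST", "INTERNET", 443),
    ("IT", "OT", 443),  # constructed: IT staff reach an OT dashboard
}

def zone_of(ip):
    """Map an address to its zone; internal addresses outside every zone are UNKNOWN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN" if addr in SITE else "INTERNET"

def check_flow(src, dst, port):
    """Decide what the inter-zone firewall should do with one flow."""
    s, d = zone_of(src), zone_of(dst)
    if s == d and s in ZONES:
        return "intra-zone"  # never reaches the firewall between zones
    return "allow" if (s, d, port) in ALLOW else "deny"

def audit(flows):
    """Return the flows that the policy denies, with their zones."""
    return [(src, zone_of(src), dst, zone_of(dst), port)
            for src, dst, port in flows
            if check_flow(src, dst, port) == "deny"]

# Constructed sample flows: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.0.21", "10.10.0.5", 445),    # PC to file server, same zone
    ("10.40.0.8", "203.0.113.10", 443),  # guest phone to the internet
    ("10.30.0.15", "10.10.0.5", 445),    # smart TV to file server
    ("10.99.0.3", "10.20.0.7", 502),     # unzoned device to OT equipment
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print("DENY", violation)
```

The "intra-zone" result is a reminder that a zone firewall does nothing for traffic between two devices in the same zone, which is why similar devices should be grouped together.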
Step Four: Network Access Control
It may be beneficial to implement Network Access Control technology that automatically enforces your business policies. This includes controlling which devices are allowed on your network and what they can access.
With this approach, you can ensure that only authorised devices that comply with your baseline policies can access sensitive IT systems. You can also create a range of access levels depending on the needs of your teams, from limited access to specific network zones to access to the internet only.
Network Access Control technology can also carry out an automatic health check before assigning a device to the correct network zone. You’ll be confident that your policy requirements are met and any devices that aren’t up to date or don’t have the right anti-virus software installed can be quarantined to protect your network.
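The health check and zone assignment described above boil down to a small decision function. The following is an added example, not part of the original article and not any NAC product's logic; the device fields, the 30-day update limit and the rule that only IT devices need anti-virus are assumptions.

```python
from dataclasses import dataclass

MAX_UPDATE_AGE_DAYS = 30  # assumed baseline from a written policy
ZONE_BY_KIND = {"it": "IT", "ot": "OT", "iot": "IOT"}

@dataclass
class Device:
    name: str
    kind: str                       # "it", "ot", "iot" or "byod"
    registered: bool                # listed in the company asset register
    antivirus: bool
    days_since_update: int
    default_password_changed: bool

def assign_zone(dev):
    """Return (zone, reasons). Unregistered or personal devices get internet
    only; registered devices that fail the health check are quarantined."""
    if not dev.registered or dev.kind not in ZONE_BY_KIND:
        return "GUEST", ["unregistered or personal device: internet only"]
    failures = []
    if dev.days_since_update > MAX_UPDATE_AGE_DAYS:
        failures.append("updates overdue")
    if not dev.default_password_changed:
        failures.append("default password still set")
    if dev.kind == "it" and not dev.antivirus:  # assumption: AV only on IT devices
        failures.append("anti-virus missing")
    if failures:
        return "QUARANTINE", failures
    return ZONE_BY_KIND[dev.kind], []

# Constructed sample devices.
SAMPLE_DEVICES = [
    Device("Finance PC", "it", True, True, 5, True),
    Device("Old laptop", "it", True, False, 90, True),
    Device("Meeting room TV", "iot", True, False, 10, False),
    Device("Visitor phone", "byod", False, False, 0, True),
]

if __name__ == "__main__":
    for dev in SAMPLE_DEVICES:
        print(dev.name, assign_zone(dev))
```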
- Ensure devices have a unique username and password.
Many devices come with default values set, such as “admin/password”, which are commonly known and easily exploited by hackers.
- Set up a dedicated Guest WiFi network for any devices that don’t need access to internal IT systems.
This allows devices owned by employees, contractors and visitors to access the internet without posing a risk to the company-owned computers and servers on your network. Go one step further and connect IOT and other Smart devices to your guest network as well.
- Disconnect devices from the company network if there is no legitimate business requirement.
Just because a device can be connected to the network doesn’t mean it needs to be.
- Keep on top of updates.
Vendors will often release updates for their devices which contain new functionality and address known vulnerabilities.
How Ripley Solutions can help
We hope these tips help you manage employee-owned devices and smart devices on your company’s network.
If you need extra help, we can support you at all stages of your journey, from assessing the landscape and planning to implementing control measures and testing your plans.
Don’t forget to sign up for our FREE monthly challenge. We’ll help you future proof your IT, along with sharing information and resources to support your IT and operational technology infrastructure.