Company Network + Private IoT Devices = Trouble

Originally published on August 20, 2019 by Patrick Gebhardt
Last updated on March 29, 2022 • 5 minute read

The days of BYOD have changed the way we deal with our workplace. We now use private devices much more naturally in the workplace, perform certain work tasks using them, and are generally much more flexible. But what are the consequences if more and more employees bring more and more IoT devices to work?

We have already expressed our general scepticism about security on the Internet of Things in many articles. Lots of devices have the disadvantage that security has never been part of their design process. Here are some articles for further reading:

 

👉 Why IoT Devices Are the Trojan Horses of Our Time. And Why Nobody Talks About It.

👉 Alarming Test Results Regarding Cameras, and What We Can Learn from Them

👉 The 1.5 Billion Dollar Market: IoT Security

 

📱 As far as IoT devices of corporate employees are concerned, the scenario is similarly gloomy and basically resembles general IT risks. As with these, attackers try to exploit vulnerabilities in IoT devices. Some of the most spectacular IoT-related security incidents were based on exploiting vulnerabilities, although patches were already available for many of them. Patch management, for example, is an important issue for companies to address. As early as the onboarding process, employees should register their devices with the IT department before they are allowed to connect them to the network. This process should include appropriate security settings. A permanent awareness program is also recommended to remind employees to regularly install patches and updates provided by the vendor.

⌚ Devices can get lost. There is a risk that confidential information or personal data, such as e-mails or note apps, may be leaked to the outside world. If devices have been used in a BYOD network, there is a greater risk that company information may be found on them. It is advisable to check the security settings of IoT devices regularly and adjust them if necessary - especially with regard to their network access and the storage of data on the device. Particular attention must be paid to compliance with data protection and security regulations. Employees should be encouraged to log on devices they have brought with them and to use existing multi-factor authentication and encryption capabilities of their devices. They should also inform IT about lost or stolen devices.

🔒 If employees bring one or more IoT devices to work, there is a lot to consider. Employees should familiarize themselves with the specific features of their devices and also learn about any hidden functions. What the IT department is able to do cannot be answered in general terms and can vary from case to case. Other possible steps would include setting up a dedicated network for IoT devices and a multi-layered security concept to quickly detect attacks.

Have you had problems with IoT devices in your organization? Or do you have an opinion on this? Share it with us! 👇