Security and Privacy Checklist for Smart Devices in the Office

Offices are adding smart devices to their networks. This is good. But it can also be bad. Every new device creates a new security risk. Often times when companies bring on too much new tech at once they are not able to properly secure themselves and leave gaping holes for creepies to crawl through.

As savvy office managers and property owners are coming to discover, smart devices come with their own set of risks. So here’s a list of actions you can take to follow when installing smart tech in the office.

VPN for the Win

Before installing any networked smart tech, it makes sense to lock down your office network, and the easiest way to do so is via a Virtual Private Network (VPN). VPNs create what are known as “tunnels” between your office and the wider internet so that every packet of data entering or leaving your systems will be very hard to penetrate. You might have heard about them as ways to get around regional blackouts for those who want to binge on HBO while on vacation but they are so much more than that.

They can be added to individual smartphones for remote working, or installed onto your office router to cover the entire threat perimeter. That’s probably a safe way to go. Even if the costs are slightly increased, a router-based VPN solution will cast a net over smart cameras, printers, thermostats, and any other nifty gadgets your office relies on.

2-Factors are Better Than One

If you choose to secure your premises with a smartphone activated smart lock, it can have big benefits (such as the elimination of physical keys that are easily lost and replicated by thieves). However, attackers can work around simple smart locks, especially if they have access to user password data.

As a rule, if a lock is protected by a single piece of information, such as a fingerprint, smartphone ID, a voice command, or a retinal scan, it isn’t as secure as it could be. That’s where multi-factor authentication (MFA) comes in useful. MFA adds another layer of authentication, such as physical key cards or a combination of voice and physical evidence.

Sure, it can increase the speed of access, but the security benefits are huge. And in most cases, smart locks can also be calibrated to require MFA outside working hours, when the premises are empty. So during the day, instant smartphone access can still be available.

Gotta Keep ‘Em Updated

As soon as smart office devices enter the marketplace, it’s safe to assume that hackers are assessing them, and picking apart their security systems. In fact, smart devices are becoming an increasingly popular way to access corporate networks during data thefts, but the recommended setup of these smart devices isn’t usually the issue.

Instead, problems arise when devices are installed, but left without updates for long periods of time. No matter which brand you choose, the developers will issue periodic updates and patches to counter known security vulnerabilities. Savvy companies keep a matrix of upgrades with the dates they are applied. And they make sure that upgrades are audited for all connected devices.

Remember, one false move here can compromise your whole office network, so devoting some resources to monitoring updates is vital.

Password: password

Almost all smart devices for office uses will have some form of access control. This applies to security cameras, air conditioning units, thermostats, and even smart vacuum cleaning products.

It might be tempting to leave these devices unprotected, or with standard passwords so that everyone can access them. However, this wouldn’t be a wise move. Every camera or smart speaker needs proper password protection, which means enforcing strong passwords, and ensuring they are regularly changed.

Check permissions as well. Unless the default settings are changed on many devices, they will be accessible to virtually all network users. By all means, make tools available for workers, but double check that admin privileges are reserved for managers.

Cover Your Dongle

In some cases, smart technology is brought on site by workers or visitors, who innocently plug them into devices that are connected to the wider business network. Dubbed “Bring Your Own Device” (BYOD), this may seem like an ungovernable problem. And it’s definitely hard to counteract.

It’s important to educate staff about the dangers of bringing USB-connected audio players, fans, radios, or whatever they need besides their workstations. But education only goes so far.

At some stage, staff are likely to plug unsecured devices into USB ports, effectively bypassing your firewall and VPN protection. This makes it doubly important to implement network-wide antimalware and antivirus scanning, which takes into account every possible entry point for digital threats.

Facilities are IT

Finally, we need to conclude with an organizational issue that plagues forward-thinking companies. When smart tech is introduced, who owns it? Who is responsible for securing it?

The question may seem simple, but it’s surprisingly easy for smart devices to become “orphaned” and caught between different departments. For instance, a facilities team could install a new security or heat management system without properly briefing your network managers. If this includes smart sensors or tools like voice activation, this could essentially introduce surveillance devices into your office without the knowledge of IT experts.

However, if you keep everyone in the loop and operate an enterprise-wide smart security policy, you can enhance your office safely. Just keep this checklist in mind, and you’ll be able to counter the most common security risks with ease.

This is Not the Conclusion

Make no mistake, we are products of the digital age. We have grown accustomed to the power and convenience that comes with having all of our lives data decentralized and all of our devices work with each other. But with these advantages also come risk. Our very power over our digital and now increasingly physical worlds can be usurped with just one lucky string of characters if we are not careful. Even if you have implemented all of these suggestions and consider yourself a security pro, there are always new developments that you need to be aware of. With the recent use of AI to write code you can be sure that the pace of change isn’t going to slow. Only by staying current on cybersecurity news and regularly revisiting your security protocols will the average property industry professional minimize their security risk. If this sounds like too much work then you have obviously not yet had the misfortune of being hacked, infected or worse.

Propmodo is a global multimedia effort to explore how emerging technologies affect our built environment.

More Stories
How Property Firms Win the Tenant Experience Battle With Mobile