Did you know that many smart devices that are part of the Internet of Things are built with weak passwords that can’t be changed? This is a dangerous product flaw, and cyber attackers are now hacking millions of unprotected devices that are exposed to the Internet. Companies are paying the price when their systems get hacked, data is stolen, systems get shut down or files are ruined with malware.
And even those devices that provide more adequate password protection are not risk-free. Security experts know that employees will write down passwords they can’t easily remember. Or they start using the same password on every device and website instead of having unique, strong passwords or passphrases (extra long passwords with spaces included).
Either scenario puts companies at risk. When employees use devices to connect to the network, be it their personal mobile phone, a health tracker, a door lock or a security camera, there will be an associated account login, sometimes for an external website for managing the device. Safe password security and storage is a must to protect enterprise systems and company assets.
Companies should educate employees about the risks of connected devices, and encourage them to change the default passwords of any devices that allow it. They should immediately replace any smart device that doesn’t allow password changes. Devices with unchangeable or default passwords are a big target for anyone from hackers in Russia to nosy competitors, and they potentially provide direct access to the device’s login screen. By using the default password, hackers can take over the device and run amok in a company’s network, stealing data or weaponizing the network to attack others.
Employees: Let your manager know if you think there are smart devices in your office that should have their passwords and account access reviewed. It’s also very important not to try to connect any of your personal smart devices to your office’s network in any way. Talk to your manager.
Managers: Do a full audit of your network’s connections, and check logs to see what devices are being accessed, or trying to access your network. Identify which ones have admin passwords, and make sure they are all strong, and changed from the default. Any that use weak or unchangeable passwords, or insecure protocols to communicate, should be replaced with something stronger.
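One way to script the audit described above, as an added example that is not part of the original article. It assumes a device inventory kept as CSV and DHCP-style log lines; the column names, log format and all sample values are constructed for illustration.

```python
import csv
import io
import re

# Constructed inventory of approved devices (column names are assumptions).
INVENTORY_CSV = """mac,name,password_changeable,default_password_changed,mgmt_protocol
aa:bb:cc:00:00:01,lobby-camera,yes,no,https
aa:bb:cc:00:00:02,door-lock,no,no,https
aa:bb:cc:00:00:03,thermostat,yes,yes,telnet
aa:bb:cc:00:00:04,printer,yes,yes,https
"""

# Constructed DHCP-style log lines: timestamp, event, IP address, MAC address.
DHCP_LOG = """2024-05-01T08:00:01 DHCPACK 10.0.0.21 aa:bb:cc:00:00:01
2024-05-01T08:02:13 DHCPACK 10.0.0.22 aa:bb:cc:00:00:04
2024-05-01T09:15:40 DHCPACK 10.0.0.57 de:ad:be:ef:00:99
2024-05-01T09:16:02 DHCPACK 10.0.0.23 AA:BB:CC:00:00:03
"""

# Management protocols that send credentials in cleartext.
INSECURE_PROTOCOLS = {"telnet", "http", "ftp"}
MAC_RE = re.compile(r"\b([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b", re.I)


def audit(inventory_csv, log_text):
    """Return (findings per approved device, MACs seen in logs but not approved)."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    devices = {row["mac"].lower(): row for row in rows}

    findings = {}
    for dev in devices.values():
        issues = []
        if dev["password_changeable"] != "yes":
            issues.append("replace: password cannot be changed")
        elif dev["default_password_changed"] != "yes":
            issues.append("change default password")
        if dev["mgmt_protocol"].lower() in INSECURE_PROTOCOLS:
            issues.append("replace: insecure protocol " + dev["mgmt_protocol"])
        if issues:
            findings[dev["name"]] = issues

    # Any MAC in the logs that is missing from the inventory is an unreviewed device.
    seen = {m.group(1).lower() for m in MAC_RE.finditer(log_text)}
    unknown = sorted(seen - set(devices))
    return findings, unknown


if __name__ == "__main__":
    print(audit(INVENTORY_CSV, DHCP_LOG))
```
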
Provide your entire team with information and training in password security and test their knowledge. New devices come on the market and threats are always changing, so training is never ‘one and done’. Revisit the subject often and keep testing to ensure your workforce is using strong and secure passwords.