There are about 26.66 billion connected devices on the planet right now, and forecasts predict around seven connected devices per person in 2020. Employees bring those devices into the workplace and connect them to the internet, often via the corporate network. Here is what you need to know about connected devices in the workplace and how to avoid the risks.
Connected devices may be convenient to have around, but they aren’t without risk.
An overload of personal tech can disrupt corporate connectivity, halt productivity, and introduce security concerns.
Bandwidth refers to the volume of data that can be sent over a network at one time. It isn’t unlimited, and the more people using the network, the slower it becomes.
When calculating bandwidth requirements, businesses should determine how many employees they have, how many devices they are connecting to the network, and what activities each individual often performs.
Before the influx of IoT devices, companies only had to consider one device per employee, maybe two. They also only needed to estimate how many employees were:
- Video conferencing
- Downloading or uploading large files
- Checking and sending emails
- Using the web for research
- Streaming music or video
- Using VOIP
Those activities are still important for bandwidth requirement purposes.
However, if your focus ends there, you’re missing today’s dilemma. Now, employees may have smartwatches, fitness trackers, smart glasses, and a health monitoring device.
Each employee likely has smart speakers or brings in a smart assistant. When each of these devices connects to the network, some questions should be asked. How often are the devices sending and receiving data?
Are these devices sending and receiving data in real time? Is the transfer done in batches throughout the day? Whenever a request is made? How much bandwidth are employees’ personal devices using throughout the day?
Without warning, an influx of personal tech can consume a lot of your WiFi and internet bandwidth. How does this consumption affect productivity in your company? How much of the usage is causing issues for your clients?
It’s common knowledge that high consumption of internet bandwidth may lead to slow load times for website pages, difficulty opening large files, or issues with video conferences, presentations, or VOIP calls.
In general, you’ll be looking at complaints that the internet or the WiFi is slow. As a result, employee productivity is affected. Productivity isn’t the only risk, either. Unsecured personal tech opens up a corporate network to an entire host of potential network vulnerabilities.
A system is only as secure as its weakest point. With personal IoT devices flooding a network, the number of possible flaws greatly increases.
Frequently, these devices do not have the same security protocols as business devices, but we connect them to the same network, a network that houses sensitive, confidential data.
Confidential, secure data makes employee data an attractive target for hackers.
A personal device that’s hacked is bad news for employees and a lot worse news for companies. When these devices are connected to the corporate network without proper IoT cybersecurity, your network is vulnerable to:
- Hackers gaining access to sensitive data, including the risk of somebody hacking a device and using it to take photographs or record video.
- Sabotage of company facilities, such as losing control of the HVAC, or being locked out of machinery.
- Botnets infecting devices and launching distributed denial of service (DDoS) attacks that bring down a network entirely.
These scenarios have happened and are already happening. Criminals hacked a smart thermometer in a casino fish tank to steal data about the casino’s highest paying clients.
Home thermostats have already been used as a launch point for DDoS attacks that have left residents freezing and locked out of their own central heating systems. The FDA proved that implantable cardiac devices can be hacked.
Additionally, Corero Network Security reported that companies experienced an average of 237 DDoS attack attempts per month. The examples go on. Take these security risks seriously. Design your network to keep hackers and criminals securely locked out.
How to Solve the Problems
Before you can adequately protect your network and optimize your bandwidth, you have to understand what devices are on the network. Of those devices, identify which are corporate devices and which are personal devices.
One way to verify this is through device discovery and device profiling.
- Device discovery alerts you when new devices connect to your network.
- Device profiling identifies the device and shares information such as device type, brand, and operating system.
- Profiling provides details down to the specific make and model.
With the right tools, this process takes only minutes. The identification gives businesses complete visibility into their wireless networks and lets them understand specifically what the network is supporting and how the bandwidth is utilized.
Your AP vendor may provide profiling. If not, there are other analytics tools you can turn to for the job.
Now that you know exactly how many and what type of IoT devices are on your network, how do you keep it all secure?
Many IoT devices don’t have a user interface (UI) that allows for the installation of additional software, like antivirus software. These employee devices may even lack the hardware capacity required for such an installation.
What enterprises need to do is flag the devices for anomalous activity, and put such devices on a network that is separate from the corporate network.
Enterprises achieve this separation by using different SSIDs, VLANs, and subnets, or a combination thereof. Then further designate device-specific access roles.
After personal devices are identified, flag them, so you receive an alert if they act suspiciously.
Consider a scenario where a device identified as a smartwatch suddenly starts downloading or uploading huge amounts of data either to or from your network. This is an immediate red flag that the device is being used for malicious purposes.
With real-time identification, IT can resolve the problem before the negative consequences are too severe.
Make sure you continuously update the criteria used for anomaly detection, allowing your business to keep pace with natural changes in device usage and behavior.
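The smartwatch scenario above can be expressed as a small detector over per-device traffic counters. This is an added example, not code from the original article; the record layout, MAC addresses, window size, multiplier, and byte floor are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from statistics import median

WATCH, LAPTOP = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed MACs

def build_sample_flows():
    """Constructed per-minute records: (minute, mac, profiled type, bytes moved)."""
    flows = []
    for minute in range(6):
        flows.append((minute, WATCH, "smartwatch", 20_000 + 1_000 * minute))
        flows.append((minute, LAPTOP, "laptop", 40_000_000))
    flows.append((6, WATCH, "smartwatch", 250_000_000))  # sudden bulk transfer
    flows.append((6, LAPTOP, "laptop", 42_000_000))      # heavy but normal for it
    return flows

class TransferMonitor:
    """Alert when one interval far exceeds the device's own recent baseline."""

    def __init__(self, window=5, factor=10, floor_bytes=1_000_000):
        self.window, self.factor, self.floor = window, factor, floor_bytes
        self.history = defaultdict(lambda: deque(maxlen=window))

    def observe(self, minute, mac, dev_type, nbytes):
        past = self.history[mac]
        if len(past) == self.window:            # enough data to judge
            baseline = median(past)
            limit = max(self.floor, self.factor * baseline)
            if nbytes > limit:
                # Do not learn from the burst, or it would raise its own limit.
                return {"minute": minute, "mac": mac, "type": dev_type,
                        "bytes": nbytes, "baseline": baseline}
        past.append(nbytes)                     # rolling update of the criteria
        return None

def scan(flows):
    monitor = TransferMonitor()
    alerts = []
    for record in flows:
        alert = monitor.observe(*record)
        if alert:
            alerts.append(alert)
    return alerts

if __name__ == "__main__":
    for a in scan(build_sample_flows()):
        print(f"minute {a['minute']}: {a['type']} {a['mac']} moved "
              f"{a['bytes']:,} bytes (baseline {a['baseline']:,})")
```

Because the baseline is per device and rolls forward with normal traffic, the laptop's steady 40 MB per minute raises no alert while the smartwatch's jump does.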
Acting proactively, IT can limit the information available to IoT devices by deploying two or three service set identifiers (SSIDs). The different SSIDs provide varying levels of network access to different users and devices. Generally, I recommend using three SSIDs:
- SSID 1 is the most dependable network, with strong firewalls and a unique password or certificate for every device. Typically, configure SSID 1 as WPA2-Enterprise. Limit SSID 1 to employees and business devices only.
- SSID 2 is the guest network. It may be open or password-protected (WPA2-Personal), with or without a captive portal (web-browser based authentication). SSID 2 can require agreement to terms and conditions from all users or some form of user login.
- SSID 3, if needed, serves as a catch-all network for any other devices. This designation includes personal IoT devices that may have limited band or security protocol support.
Using a slightly different method, businesses could also choose to put all IoT devices on the 2.4GHz network. Then, the company can reserve the 5GHz network exclusively for corporate devices.
Be very selective about which devices join which network.
For example, it might not seem worrisome if a hacker accesses a printer, but that criminal can now see precisely what is printed or scanned in an office. Yikes!
Ensure your employees understand the risks involved if they allow their personal devices to connect to a secure network. Enforce company policies that prohibit such connections.
Quality of service (QoS) technologies enable you to deliver optimal performance for different types of network traffic. The first thing you’ll want to do is classify your network traffic.
You can be as broad or as specific as you prefer for your QoS technologies. Once you’ve determined what kind of traffic you have, there are different methods you can implement.
A differentiated service model configures network hardware so that different traffic types have different priorities.
If voice traffic is a higher priority than other traffic, the differentiated service model allocates more network resources to it for peak performance.
You can use bandwidth shaping, also called traffic shaping. Traffic shaping lets you reserve bandwidth for higher priority, business-related traffic. Using shaping, companies limit the bandwidth available to certain applications, or limit bandwidth based on the source and destination of packets.
For example, it might be possible to reserve 60% of the bandwidth for corporate use and designate only 20% each for IoT devices and guests.
If IoT devices start trying to use more than 20%, bandwidth shaping will usually hold traffic in a buffer and delay sending it until it can be transmitted without going over the configured speed, or drop it.
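The buffer-then-drop behavior described above can be seen in a small simulation of the 60/20/20 split. This is an added example, not code from the original article; the link capacity, buffer size, packet size, and offered load are constructed values, and the shaper is a simplified per-class model rather than any vendor's implementation.

```python
from collections import deque

class ClassShaper:
    """One traffic class: fixed rate per tick, bounded buffer, tail drop."""

    def __init__(self, rate, buffer_limit):
        self.rate, self.buffer_limit = rate, buffer_limit
        self.queue, self.queued = deque(), 0
        self.sent = self.dropped = 0

    def offer(self, size):
        if self.queued + size > self.buffer_limit:
            self.dropped += size            # buffer full: drop the packet
            return False
        self.queue.append(size)             # otherwise hold it for later
        self.queued += size
        return True

    def tick(self):
        budget = self.rate                  # unused budget is not carried over
        while self.queue and self.queue[0] <= budget:
            size = self.queue.popleft()
            budget -= size
            self.queued -= size
            self.sent += size

def simulate(ticks=10, link=1000, buffer_limit=500):
    """Return {class: (bytes sent, bytes still buffered, bytes dropped)}."""
    shares = {"corporate": 60, "iot": 20, "guest": 20}   # percent of the link
    offered = {"corporate": 5, "iot": 4, "guest": 1}     # 100-byte packets per tick
    shapers = {name: ClassShaper(link * pct // 100, buffer_limit)
               for name, pct in shares.items()}
    for _ in range(ticks):
        for name, shaper in shapers.items():
            for _pkt in range(offered[name]):
                shaper.offer(100)
            shaper.tick()
    return {n: (s.sent, s.queued, s.dropped) for n, s in shapers.items()}

if __name__ == "__main__":
    for name, (sent, queued, dropped) in simulate().items():
        print(f"{name:9s} sent={sent} buffered={queued} dropped={dropped}")
```

With IoT devices offering twice their 20% share, the class is held to its configured rate: excess packets wait in the buffer first and are dropped once it fills, while corporate traffic is unaffected.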
To determine whether bandwidth shaping is necessary for the company, use network tests and device profiling to determine bandwidth utilization over time. Are business applications running slowly as a result of an increase in users? Or is the slowdown due to a growth in personal or other IoT devices? Does the bandwidth need to be upgraded? Or will bandwidth shaping resolve the issue?
Keep it Visible, Keep it Safe
With 100% network visibility, businesses have a much better understanding of their network. They will know how their networks are growing, what devices they’re supporting, and what, if any, security vulnerabilities exist.
As the number of IoT devices continues to grow, this practice will be more necessary than ever.
Implement policies for identification, protection, and traffic shaping. Your goal is to keep your network secure and optimized, no matter how many devices enter the office.