Don’t look now, but each day your work surroundings are getting smarter and more connected. But as advancements in mobility, IoT, cloud and artificial intelligence are increasingly adopted by facilities, manufacturing, IT and other departments, creating a digital workplace, proportionate levels of risk are also introduced.
For you on the front lines battling increasingly sophisticated cyberattacks, these new network-connected devices mean only more attack vectors to identify and protect against.
Results from an Aruba-sponsored research study further substantiate these additional risk exposures. While smarter workplaces enable employees to be more motivated, with higher rates of job satisfaction and an improved sense of well-being, they also cause workers to take more security risks.
Survey findings suggested that the problem is as much about human failures as it is system and digital workplace design. Employees continue to take risks around connectivity and information security, despite being highly aware of rising levels of cyberattacks.
Despite higher levels of cybersecurity awareness, the vast majority of respondents admitted they inadvertently jeopardized company security in the past 12 months through risky behaviors such as:
- Sharing passwords and devices (70 percent)
- Connecting to unsecure Wi-Fi networks with work-related devices, opening a door to potential hackers (30 percent)
- Letting others work from their company issued devices, creating opportunities for data theft (25 percent)
- Storing passwords on shared work devices, circumventing company security protocols (18 percent)
What Can a Security Pro Do?
To reduce risks during your organization’s journey to become a smart, digital workspace, consider keeping two checklists: one focused on process and people collaborating with your facilities and real estate teams, and another devoted to securing the new technologies enabling the digital transformation.
Below are suggestions for what to include on your lists.
Organizational (Process and People)
- Create a digital workplace roadmap and identify the key technology elements.
- Prioritize a technology strategy and road map to complement the organization’s digital strategy.
- Partner with lines-of-business to agree to open and collaborative digital workplace design but keep security in mind.
- Build collaborative and flexible workspaces that incorporate sensor-based intelligence to support efficient use of space through techniques such as “hot desking.”
- Set goals to both drive and measure the continued transformation of the workplace and its underlying technologies.
Security (Technology and Deployment)
It is important to recognize that a new wave of IoT devices that facilitate smart buildings and digital workspaces will be connecting to the network—both wired and wirelessly—and that these devices are inherently insecure. In addition, digital workplaces are highly mobile experiences, which means how, where and when user devices connect to the network are unpredictable and difficult to control. These circumstances simply add to the increasingly dangerous threat environment and require special attention by the security team.
- Set up an access control system that does not rely on virtual LANs and access control lists, but rather relies on the role of the user or device. By using role-based access control, authorization to use IT assets is independent of the connection. Centralized policies enable the security team to define who and what can connect without making physical network changes to account for new conditions.
- Start with the building design and layout. Identify the devices that will come with the basic facility such as lighting controls, vending machines, etc. and define access policies that limit their traffic to exactly what they need to accomplish their job and nothing more.
- Know what is on your network. Even with comprehensive planning, new devices will inevitably come on the network without IT’s knowledge. Employ a solution that continuously discovers and profiles new device connections so you can build the right policies to control them.
- Continuously monitor network behavior. “Things” do not log. They rarely even carry rudimentary protections and generally cannot support an agent. But, they do have enough compute power to either initiate or participate in an attack. Hence, the only way to detect a compromised IoT device is to monitor its network traffic for changes in behavior.
This two-pronged approach will enable you to play a key role in your organization’s transformation to becoming a smart, digital workplace. By mitigating the risks, you enable other teams to realize the rewards.