As I mentioned in my first ZingBox blog, I’ve been a ZingBox customer since the summer of 2016. I’m so thankful for the automated tools it provides me to monitor what my IoT devices are doing, despite poor security from the device makers. In my second blog, I discussed IoT in the education space and some of the unique examples of IoT that you find. In this blog, I’d like to discuss why being a helpful IT department can be an important part of your IoT strategy.
One important component to IoT defense is end user education, which starts with an approachable IT department. You don’t want to be like Nick Burns, your company’s computer guy, from Saturday Night Live.
You might be asking yourself, what should an approachable and helpful IT department do with IoT security? I am a firm believer in the concept that all the end users an IT department supports are their customers. By treating your end users like customers, you’ll build up goodwill and rapport. By creating this type of relationship, your end users will be more likely to discuss new devices they bring in, versus just blindly connecting things to the network.
Here’s an example that happened recently with me. I had someone I support call and say he wanted to “run some things by me before he messed something up.” I was heading to a meeting, so I mentioned I’d stop by in an hour. Within 20 minutes, I received 6 text messages with a picture of the AirPort Utility application running on the laptops of several people. I quickly realized this probably had something to do with the user who had called me earlier.
The application running ended up being from this person trying to play audio wirelessly to a TV in his office (he’s a music professional), and he had brought in his old AirPort Express from home. He plugged it into the LAN, and that was what triggered AirPort Utility to run. Having previously built a relationship with the people I support greatly helped in this situation. Unfortunately, his impatience led to an issue, but I knew where the source of the problem occurred and didn’t have to scramble to determine who had plugged it in because of the earlier phone call.
I told this story to make a simple point: Your users (internal customers) need to be comfortable enough about you and your network to have conversations about IoT-type devices. If you are rude or condescending when people try to talk to you, they are going to be more likely to just put things on the network without consulting you. This could include wearables, photo frames, lightbulbs in their lamps, etc. It’s not that any of these things are bad news in themselves, but they certainly could turn into an issue.
When you are a helpful IT department day to day, the conversations you have with your users about why they can’t always connect all their devices to the network are more likely to be well received. It allows you to have honest conversations about device security, the importance of it, etc. It might even allow you to customize your network in a way that allows these types of devices online while protecting the rest of your network.
A few tips on this topic:
- Be approachable
- Be honest about why users can’t do certain things
- Don’t always rush to say no. If you can find a way to say yes, it will build up goodwill for the future.
In this environment, you don’t have to adopt the old adage that the customer is always right, but a little friendliness and goodwill will lead to a better relationship. While I wish this was the only necessary component of IoT security, it’s not. That’s why I have ZingBox running on my network to discover all IoT devices running, detect any irregularities or suspicious behavior, and to defend my network from risk.