CIOs Need To Understand The Risk Of Internet Connected Devices

CIOs need to ask the right questions before connecting everything to the internet
CIOs need to ask the right questions before connecting everything to the internet
Image Credit: Ryan

Just in case you’ve been living under a rock for a while, you may not be aware of this thing that is being called the “internet of things” (IOT). What people are talking about when they talk about IOT is the growing number of devices that can be connected directly to the Internet. In a typical work environment this can include everything from copy machines, fax machines, coffee machines, and even video cameras. There are a lot of benefits that come from this connectivity; however, at the same time the person in the CIO position need to become very aware of the downsides that are associated with tying all of these devices to the internet.

What Are The Issues With IOT?

There is a definite upside to being able to connect workplace devices directly to the internet. There is the convenience that when software updates that can improve a products performance become available, they will be automatically installed on the device. However, this connectivity also creates a security challenge for the person with the CIO job. When devices are connected to the internet, it is possible for them to become infected with malware which will cause all manner of headaches for CIOs.

The biggest challenge that CIOs are currently facing when it comes to devices in the enterprise which directly connect to the internet is that there is currently no way to determine how secure the device is when they purchase it. The good news is that a number of organizations are currently working on creating standards and certifications that can be used to label devices regarding their security level. However, as of right now CIOs are pretty much on their own.

The challenge with a lot of the standards that are being produced to provide more information on the security and privacy issues that a device has is that most of them don’t currently have a completion date set yet. The firms that are in the process of developing security and privacy standards for internet-connected devices are working with a large number of partners. These partners can include firms that make privacy protection software, firms that rank other company on their privacy practices, and firms that both research and test products for internet safety.

How Can CIOs Stay Secure With IOT?

CIOs need to start the process of making sure that workplace devices that are going to be directly connected to the internet are secure by taking the time to do some research on the manufacturer of the product. This can be as simple as reading both online product manuals and customer reviews in order to determine how a device operates and what support it has built in to handle both security and privacy. This is key for devices that will be used by the department for a long time – companies can get acquired, go out of business, or just drop support for a given product.

Sadly enough, most attacks on internet connected devices occur because the attackers have learned the device’s default username and password. This means that as the CIO it’s going to be your responsibility to determine if you can change the default username and password on any device that you purchase. You may have to search for instructions on how to do this. The instructions may be on the device’s box, on the manufacturer’s web site, or even in a YouTube video. Keep in mind that these are the same places that hackers can go to find out what the default username / password is. Keep in mind that you are not going to want to use the same password that you use for other devices that are attached to your corporate network.

One of the most important things that a CIO is going to have to do is to discover just exactly what data the device that is connected to the internet is going to be collecting and where it might be sending that data. There are a whole series of questions that you should be asking about this issue. Specifically, if you don’t like what data the device is collecting, can you change it? Where does the collected data get stored? How long will it be stored there? Will it be shared with anyone or (worse) sold to anyone? Is it possible for you to wipe the device to remove its stored data?

What All Of This Means For You

The world in which we live is changing. CIOs are responsible for the importance of information technology and part of this now includes the brand new “internet of things”. CIOs are now being presented with the opportunity to purchase equipment for their companies that connects directly to the internet. This new feature is both a good thing and a bad thing.

It’s a good thing because now equipment can get software updates from manufactures automatically. This means that they’ll always be up-to-date. However, by connecting themselves to the internet this also allows devices to potentially become infected with malware. A big problem that CIOs are facing is that there is currently no accepted classification of devices that describes their security or privacy protections. The responsibility for securing these devices falls on CIOs. This means that they need to take the time to research the manufactures, change default usernames and passwords, and discover exactly what kind of data the devices will be collecting.

CIOs need to take a careful look at exactly what devices in their company they allow to be directly connected to the internet. Only those devices that can benefit from such a connection should be permitted to have access. Those devices that will be connected to the internet must be checked out and CIOs need to understand what they are getting into before anything gets plugged in.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: Do you think that CIOs should conduct an annual review of what devices they are permitting to be directly connected to the internet?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

One of the most important jobs that the person with the CIO job has is to keep the company’s networks and data secure because of the importance of information technology. This means that they are responsible for implementing systems and procedures that will keep the bad guys out. We purchase and implement products that require our users to correctly identify themselves before they are permitted to access important company resources. So far these systems seem to be working fairly well – the bad guys have not been able to guess how to defeat our security measures. However, with the arrival of quantum computing this may all change. What do CIOs need to do in order to get ready?