As devices you install in your offices start to become ever more connected, there is a temptation to throw caution to the wind and take advantage of the 'Access your device anywhere' claims plastered all over the outside of the box. Don't.
You may think that having access to your network file shares from home is useful (and it is), but there are better, more secure ways of achieving this than just opening up access to the built-in web interface of the device to the Internet - someone will find it, and if you're not using any form of authentication, will be able to see exactly what you can.
The biggest blunder I keep reading about are the people who place their web cams, or full-scale IP Surveillance systems online without ensuring they set up proper authentication first. This basically gives anyone who might want to break into your office, a birds-eye view of where your cameras are, what they can see, and when no-one is in the office! - not a very good idea if you ask me.
Yes, you may want to be able to keep an eye on what's happening in your office when you're not there, but again there are better, more secure ways of doing it, while ensuring that you're not leaving the system accessible to everyone.
If You Put It Online, Someone Will Find It
If you think I'm joking when I say that someone will find any device you make accessible on the Internet, take a look at Shodan (www.shodanhq.com) - a specialised search engine that spends its time looking for devices just like the web cam that's sitting in your office, that are accessible via the Internet. It then stores the information it finds in a searchable database.
Shodan has been in the news a fair bit in the past couple of years, as security researchers like myself have used it to find everything from security cameras in gold mines to controls for an entire holiday park and even a Hydro-electric Dam!
The main difference between the researchers and everyone else whose using Shodan? We tell the people whose stuff we find - the bad guys don't.
Think Before You Plug it In
If you've just bought a new device that claims it's going to 'revolutionise your business' by making it possible for you to 'take advantage of the cloud' please think before you plug it in. Particularly, ask yourself these questions:
- Do I really want access to what this device gives me outside of the office?
- Do I want anyone else to potentially get access to it?
- What would happen if the wrong people got access to the contents of the device?
- How would you explain to your insurance company that the burglars knew exactly where your camera blind-spots were?
Answering these questions will tell you if the promise of the device is really worth the risks associated with it being misused, or whether it's safer to find a better way of giving you the access you need, and you may find you don't really want access to your security system from home after all.
Concerned? We're Here to Help
If reading this has got you worried about devices you've already got that may be accessible to anyone, we're here to help - drop us a line using our contact form and we'll tell you exactly how exposed your business is, and how you can reduce that exposure.