Why Australian businesses must secure guest access and IoT devices

24 Apr 2018

Australian organisations must be aware of their responsibilities surrounding data breach legislation – and that includes making sure any Internet of Things (IoT) devices are properly secured.

Networks need to be fully compliant – and that includes devices and applications used by contractors, third parties, and guests that plug into the network, says Wavelink.

“Organisations must also realise the value of the data they possess. Contractors, third parties, and guests plugging into the company’s Wi-Fi network must be limited to accessing only the data they require. Everyone, including third parties, must comply with company security policies and practices,” comments Wavelink’s national business developer for Fortinet, Hugo Hutchinson.

“Security breaches affect a company’s reputation and may result in significant consequences, with the cost and ramifications following a security breach potentially far more than the cost of initial investment in adequate protection measures.”

Eligible Australian businesses must now report notifiable data breaches (NDB) to the Office of the Australian Information Commissioner (OAIC). The OAIC’s first published quarterly report found 63 breach notifications were received in the first six weeks alone, the company says.

With the introduction of Europe’s General Data Protection Regulation (GDPR) in May and other countries, including New Zealand, expected to introduce similar legislation, organisations need to comply with more regulations than ever. For example, GDPR affects companies in any country that do business with customers in Europe, which means many Australian companies could be subject to the legislation and some might not even know it.

IoT devices are of particular concern, the company notes. They include wearable technology, voice-activated devices, and smart appliances. Because they don’t generally come with inbuilt security, they are vulnerable to unauthorised access.

“Schools and hospitals are subject to NDB requirements and they tend to be prolific users of IoT devices, as well as having hundreds of users, including guests, accessing their networks. These organisations must operate an appropriate security and compliance system, otherwise they may be held liable for any breaches that may occur,” Hutchinson says.

Businesses must be able to see, authenticate, and classify IoT devices on a network so they can be protected. That requires visibility, segmentation, and protection throughout the entire infrastructure.

“Businesses shouldn’t assume that IoT devices are inherently secure because they’re not. Before connecting any IoT device to the network, businesses must change the default usernames and passwords at a minimum. From there, it’s still crucial to implement a security solution that delivers visibility and control into what devices are connected and how they’re being used,” Hutchinson concludes.
