Protecting IoT if You Work From Home: Q&A with Sean Tufts

September 7, 2021
  • October is global Cybersecurity Awareness Month.
  • This year’s theme is “Do Your Part. #BeCyberSmart.”
  • In this brief Q&A, Andrea Hart of our Solutions Education team hosts Sean Tufts, Optiv’s Practice Director of Product Security for ICS & IOT, addressing IoT devices in the work-from-home environment.


2020 saw a major disruption in the way many work, learn and socialize online. In 2021, the world is still finding its footing. As remote work culture becomes the norm, internet-connected environments are colliding on a scale we’ve never seen before, introducing a whole new set of potential vulnerabilities.


For week 2 of CAM, Sean addresses the growing challenges of IoT in work-from-home environments.


And away we go...


Andrea: Hi everyone. We're back for week two of cybersecurity awareness month. I'm Andrea Hart from our solutions education team. And today Sean Tufts, our practice director for product security, ICS, and IOT is going to talk about connected devices and work from home environments. So Sean, a lot of people are working from home these days, as you may have heard, um, many, this is really the first time. So they're really integrating their company security into their home environment and may have a lot of existing unsecured IOT devices. What advice would you have for these people to keep their personal and their office life secure?


Sean: Yeah, almost every enterprise in the world went from a very known and kind of segmented network that was very encapsulated to now incorporate the living rooms of almost every one of their employees. Um, obviously having some of the foundational efforts of security inside of that piece is, is critically important. I don't think we need to talk about VPNs and those kind of things. I think the IOT phase is the interesting part, right? Because how are we mobilizing and protecting our workforce when we don't really have the edge completely secured yet, but now we're layering in devices we might not know about. And we're allowing more flexibility from work from home, from IP cameras to digital set ups to little underground bunkers, where you can create your own dev environment. Um, and especially for these teams that are actually doing coding, making hardware, all of that has become much, much harder.


Sean: Um, so the thing we've seen success in with our client base is being more intelligent about procurement being more intelligent about how it device gets onto the network and encouraging their workforce to reach out and invent a product before they go buy it on Amazon, right? Yeah. That's going to happen for the big kind of enterprise-level purchases, but for the work from home stuff, um, it's, it's super easy and can really shrink your attack surface, right? Um, the other day I was on Amazon looking for a new webcam. Um, and I had a couple options, right? One was half the cost and coming from China. So I took the serial number, ran it by our IT team, came back and said, hey, that one should be okay. Some simple steps like that, where you're allowing your workforce to be smarter about the devices they'd take on are super easy and can really work to make everyone safer.


Andrea: And I love that idea because it isn't something you have to go through alone. If you do feel that red flag, it makes a lot of sense to go and ask your IT department. So hopefully if you are a viewer at home, if any of this seems like something you may have done or will do be sure you're consulting with your IT team. Uh, so thank you again for joining us for cyber security awareness month. We do have a link to our hub. That's going to have a lot more recommendations, including some actionable checklists that you can take at home to keep your work from home environment safe. Next week, we will talk about IOT in healthcare and meet you here.