7. The Segregation Check
You are only as strong as your weakest link. Every connected device on your network is a door/window in that must be secured, but security is rarely built into internet of things. After all, it's hard enough to secure personal computers and we've been at that as a society for 20+ years. Therefore, you want to make sure that the wifi you give out to people and connect to with your personal phones is separated from your business network. If not, any employee/customer device that comes on your network (and may already be compromised) is now a door to the good stuff (i.e. sensitive data).
EXAMPLE: The October 2016 attack that brought down the internet for a day was the result of compromised "internet of things" devices such as "smart" connected baby monitors, printers and refrigerators.
The Spot Check:
STEP 1: On your work computer (while in your normal office/workspace), open up a browser and Google "whats my ip"
STEP 2: Immediately after, pull out your smart phone and connect to the wifi in your office (if applicable)
STEP 3:, open up a browser and Google "whats my ip"
PASS: The first 3 numbers (in red above) separated by periods do NOT match between your phone and computer.
POTENTIAL FAIL: The first 3 numbers (in red above) separated by periods DO match between your phone and computer.
- Note: There is a small chance the two networks are segregated, but are using the same network IP space. This is unlikely, but check with your IT person to be sure before yelling at them.
If you fail:
There is a good chance your business network is not separated from the employee/guest wifi network that everyone has access to. You can't control the type of devices and their security level on that network, putting your business and it's data at extreme risk.
- Unplug your wifi and leave it off until it can be segregated. Contact us if you need help as this is included with our service.
- Have a conversation with your IT person about why the two networks aren't segregated.
- Contact Ariento or another vendor you trust to get a vulnerability assessment to see where else you may be at risk and to provide you concrete recommendations for improving your security posture.
If you pass:
Pat your IT person on the back for doing the basics and move on to Spot Check #8!