Smart Office

Make your job easier, not the hacker’s.

The Smart Office is a rapidly evolving concept. It consists of integrating technologies into work environments, in order to facilitate a series of common tasks in the daily organisation of work. The goal is to gain flexibility and productivity and allow employees to focus on their essential tasks. Beacons, sensors and mobile applications constitute the basic building blocks of the Smart Office which make it possible to streamline or even automate a large number of processes. Example: a connected coffee machine allows you to better manage its operation as well as the coffee supply, but be careful: a coffee machine can pose risks to your privacy and the security of your data.

Advantages:


• Comfort in the workplace
• Security
• Employee productivity
• Optimised use of space
• Reduced energy consumption

The ingredients of the Smart Office are in particular:


• Smart sensors (e.g.: to measure air quality, movements, temperature, etc.)
• Remote control applications
• Real-time space reservation applications, to optimise space occupancy
• Applications with indoor location
• Digitised access badges, guaranteeing simplified security
• Collaborative applications that simplify teamwork
• Video conferencing systems.

Main risks

Artboard 2

Data leak

Can do as much damage as a water leak...

Data leak

The proliferation of connected devices and their growing interconnection generate an increasing amount of data that is transmitted between devices and then over the Internet. This greatly increases the risk of security vulnerabilities being exploited. An IoT system is like a chain with the same level of security as the strength of the weakest link. You should also be wary of certain interfaces or technologies, such as Bluetooth, which is also vulnerable by design. They can be compromised easily, which can lead to information leakage. Unfortunately, the risk of an information leak often arises from negligence in the use of the IoT object in its digital environment. There may be many reasons for this:
• purchase of equipment with archaic and insecure communication protocols,
• insufficient IT security configurations,
• weak or no passwords,
• voluntary or involuntary provision of data by the user.

But the result is the same: an information leak can endanger entire organisations or the private lives of individuals.
Artboard 1

Diversion

An army of robots who want to harm us…

Diversion

Connected objects can also be objects of attacks that do not target them directly, but aim to turn them into "zombies" to form networks of remotely controlled "botnet" robots. These botnets are generally used to launch denial of service attacks (DDOS - Distributed Denial of Service).
In case attackers manage to take control enough IoT devices to form a botnet, they can activate them simultaneously to generate an intense artificial data flow and overload networks. This results in the unavailability of information networks or systems, sometimes vital for individuals, companies or communities.
Artboard 4

Tracking

You cannot hide…

Tracking

The use of increasingly intrusive connected objects makes it possible to control individuals, whether through the use of cameras, geolocation or monitoring of connected devices. Some unscrupulous managers may see a possibility in this technology to increase the productivity of their employees by applying constant control of the workplace.

Protection tips

Artboard 1

Password

0000 is null for the password...

Password

The first precaution to take is to ensure a high level of password complexity. A password must contain a mixture of upper- and lowercase letters, numbers and special characters. You can test the strength of your password through free tools such as https://howsecureismypassword.net/.

Default accounts of connected objects are generally known and appear in public documentation. It is, therefore, very easy for an attacker to test these front doors in an attempt to take control of an IoT. When first accessing the configuration settings of the IoT device, it is advisable to create your personal administrator account and then delete the default accounts. This way, attacks on these easy targets can be prevented.
Artboard 7

Regular updates

Patch, Patch, Patches…

Regular updates

One of the major issues is a common suspect in cybersecurity: failing to install software updates ("patches"). It is particularly important to use the patches provided by the suppliers. This is especially important for connected objects which are -by definition- permanently exposed to potential attacks.

If regular and automatic updates can be activated, it is strongly recommended to activate this option, provided that the protocol is secure and the remote site is trustworthy. In the absence of an automatic update feature, it is advisable to check manually on a regular basis the availability of a software update. This minimises the likelihood of being attacked via known vulnerabilities that can be corrected with regular software updates.
Artboard 10

Recognised manufacturers

« Clever Akafen »

Recognised manufacturers

To reduce risks, it is advisable to choose recognised products from reputable manufacturers. These manufacturers generally have the means to invest in the development of quality products.
Artboard 2

Network

Close the front door…

Network

Once you have made your choice for an IoT product, it is important to identify it and know what the properties of the product are that you integrate into your computer network. By taking an inventory of all connected devices and their particular characteristics, normal activities can be separated from suspicious or unwanted ones. Regular monitoring of the local area network (Wi-Fi), connected devices and their activity will also detect any problems and close doors when they are no longer in use.
Multiple IoT security vulnerabilities cannot always be controlled. The residual risk that a potential attacker could exploit one of these flaws and thus interfere with the local computer network remains very high. If other mission-critical applications are hosted on the same internal network, it is strongly recommended to separate this network into several segments. One logical segment or network should host and/or interconnect the IoT devices, while a second dissociated network would be used exclusively for the hosting of critical information systems.
Certain network elements (routers and firewall for example) allow filtering the information circulating between two networks or network segments. The filtering can, for example, relate to the source or destination addresses and ports, communication protocols, content, bandwidth or the volume of information. In the case of network segmentation, it would thus be possible to filter information exchanged between two segments and, for example, only accept connections between devices identified beforehand according to a well-defined exchange protocol.
Artboard 11

Device deactivation

Because an oversight can become a flaw...

Device deactivation

Any IoT device integrated into the network has potential flaws and vulnerabilities. A device that is not in use may also be forgotten in inventory or security updates. Therefore, do not hesitate to deactivate any device that is not in use.

In addition, an IoT device can have a variety of communication interfaces, the use of which is defined according to the deployment scenario. Again, to limit its exposure to potential vulnerabilities, it is recommended to disable or remove the types of interfaces that are not necessary for the proper functioning of the IoT object in its digital environment.
Artboard 12

Disposal

Because everything has an end…

Disposal

In case of prolonged non-use or obsolescence, IoT devices should be removed from the network and be disposed of. IoT devices often have a memory that stores information or configurations that reveal aspects related to the security of your network. Do not forget to delete this data from the devices.
Artboard 6

Contract

Dura lex sed lex…

Contract

As with any contract, careful reading is required. The general conditions of use (GCU) of a connected object can be long and complex, but they are not trivial because they legally bind their users. The same applies to the conditions of use of the online services associated with these objects.