Some Good News In The World Of IoT Security: The FCC Launches The US Cyber Trust Mark Program
The US government is doing something positive around IoT security. With the launch of the US Cyber Trust Mark program, the Federal Communications Commission (FCC) authorized a program and developed rules that bring forward a voluntary labeling standard to inform consumers about the cybersecurity impact of wireless IoT devices they may bring into their homes.
Consumer IoT devices are scattered everywhere, from doorbell cameras to smart appliances, baby monitors, and streaming devices. And unless consumers take the time to review all the available information online about what these device manufacturers are doing with regard to cybersecurity, they have no idea how a given device manages aspects such as authentication, cryptography, data security, or even device lifespan. This new labeling program gives buyers a quick view on the label of the key cybersecurity functions and a QR code (still need to be careful with those!) that can provide details on how the device manufacturer is addressing the security of the device and the associated data.
You may be thinking, “Paddy, this is a good step for consumer devices. How does this impact the security of my business?” That’s a great question. What does the home network of your employees look like? Unless the person running it is security-conscious by nature (or experience), a segmented home network that isolates different devices into their own secured grids is rarer than a properly segmented business network. Compromised IoT devices on the networks of your home/hybrid workers can be used to attack the business devices that your remote employees are attaching to the same home network.
Even if you have no remote employees and you don’t allow BYOD laptops, you still must consider mobile device security. Unless every employee has a cell tower in their backyard and/or unlimited data on all mobile device plans, a majority of employees will still connect their smartphone to their home network to save mobile data charges and have a better experience using these mobile devices. While deploying mobile threat defense solutions onto the mobile devices accessing your business resources is a great way to reduce the impact of a compromised IoT device in this manner, security is all about layers, and having more secure IoT devices is a way to assist here.
Within your business networks, how many consumer-grade smart appliances are connected? Refrigerators, coffeemakers, microwaves, or even smart assistants litter the networks of many businesses because of their availability and ease of replacement. This type of device labeling can provide security and risk leaders with more details on the impact of these devices on the overall cybersecurity posture of the corporate network.
When it comes to commercial IoT devices, there are other initiatives around the world, from guidance to regulation, and within certain markets, such as healthcare or connected vehicles, there are other requirements and standards that need to be met. But like any standard, guideline, or regulation, these should all be seen as the floor for establishing your secured IoT device environment, not the ceiling. With IoT security listed as one of Forrester’s top 10 emerging technologies for 2024, we have a lot of research initiatives going on to bring you, S&R practitioners and leaders, more insight on how to better protect your business when it comes to IoT devices. If you are looking to better protect your organization’s IoT assets, whether they are on your corporate network or your employees’ home network, please schedule an inquiry or guidance session with me to discuss further.