Pub. 12 2017-2018 Issue 6

NEBRASKA BANKERS ASSOCIATION 15 you see and use often. It can be easy to forget about the backdoors, like the smart thermo- stat installed a few years ago or the Wi-Fi- enabled coffeepot in the kitchen. What topics will helpmy employees secure their IoT devices? When talking about the IoT, a lot of basic security awareness training topics apply (e.g., password security, using multifactor authentication, performing backups of data on the device, etc.). However, it’s necessary to connect these security ideas with the vari- ous IoT devices they use beyond their office workstations. Emphasize the importance of regularly in- stalling security updates on their devices and knowing what kinds of data their devices can access. To drive home the point, stress that this training not only applies to their lives at work but also at home. Encourage social responsibility. Ask your employees to keep an eye on what their kids, parents, and coworkers are doing online, how they connect to networks, and what they are downloading. Don’t make them the “internet police,” but encourage them to find oppor- tunities to educate others in their life, as it only takes one weak link to break the chain of security. What else can I do to en- suremy bank is protected from IoT threats? Review your bank’s policy and determine if employees are allowed to connect personal de- vices to the office network. If they are not, this mitigates much of the threat, but not all of it. If employees are allowed to connect personal devices to the office network, make sure you knowwhat those devices are and who owns the devices, as much as you are able. When possible, implement technical policies to prevent unpatched or jailbroken devices from connecting to the network. Consider providing a separate network for employee devices. When you do this, you can rest easier because your customers’ sensitive information isn’t shar- ing the same communication channels as your coworkers’ unpatched health tracker. Install security patches on the IoT devices you manage on the network as soon as possible. If you aren’t sure how some of your IoT devices receive updates, today would be a good time to figure that out. The IoT at Work The internet is an incredibly helpful tool and the IoT can help us be more aware of our health, better at communicat- ing, and more efficient in the workplace. While IoT comes with its own set of problems, the more we share awareness, the more prepared we will be to take our business securely into the future.  Alyssa Pugh is a Security+ certified Tandem Support Specialist for CoNetrix. Tandem is a security and compliance software suite designed to help financial institutions develop and maintain their Information Security Programs. To learn how CoNetrix can help you, visit www.CoNetrix.com or email info@CoNetrix.com . NGS AT WORK