Businesses are increasingly using smart devices within the workplace and do not consider the security aspects of how these devices connect into their networks. The same can be said for domestic users ...
There are several ways of reducing the risk factor when connecting smart devices. In a domestic setting, most (if not all) smart devices are connected by WiFi. The best option there is to create a secondary SSID or Wi-Fi network called a DMZ, with a different name and password from the main network. In simple terms, this would be like setting up a guest network.
For business users, with complex wired and WiFi networks, using a combination of routers, firewalls, switches and access points, there are numerous ways to add more security to the network. Routers and/or switches can have something called VLAN capability.
This is where you create a different path within the switch to allocate various IP subnets (for example: 192.168.0.1, 192.168.1.1 and 192.168.2.1) so to have pockets of isolation and it is easier to identify which types of equipment there are on the network. For example, all IP phones can be allocated the dot 0 subnet, all IP cameras the dot 1 subnet and so on.
You may even want to create port isolation and lock down each port on the switch to only accept a specific piece of equipment. For example, port 1 only allocates an IP address if it identifies the equipment as an IP handset and not an IP camera.
Depending on the size of your business, there may even be two (or more) internet connections and this can be used to separate the networks further. You could allocate one switch/LAN connection to WiFi-enabled equipment that does not require a fixed connection (for example, WiFi access points, Mobile phones and Tablets) and the second switch/LAN connection to fixed/wired equipment (applying VLAN configuration).
Ask your in-house IT team or your outsourced IT supplier to redesign your networks and also get an external IT audit examination by a specialist PEN tester. A network penetration test shows all the possible leaks within your network and produces a working document from which to work from!
If your in-house IT team or your outsourced IT supplier does not have experience in VLANs or is not sure if your current routers/switches have VLAN capabilities, call in experts to keep your business as cybersafe as possible.
If you feel inspired to find out more then do call me on 07555 807700 or leave a comment below and I'll be in touch as soon as I can.