IoT Security in the Era of Remote Work

Michael Greene
remote work iot security
Illustration: © IoT For All

Arguably one of the largest corporate impacts of the pandemic is the shift in working habits and thus remote work IoT security. At the height of lockdown restrictions, remote working became the norm, and this continues to be the preferred working model for many employees even as offices have begun to open back up. For example, according to a recent Pew Research, 76 percent of employees who are working from home cite their preference as their primary reason for doing so.

Post-Pandemic Remote Work

As employees and employers alike settle into remote working for the long-term, it’s important that they stay abreast of emerging security concerns. When the abrupt pivot to the remote model happened two years ago, both enterprises and employees scrambled to ensure everyone and everything was connected. In the chaos, security was often an afterthought, but companies have an opportunity today to eliminate any lingering vulnerabilities and ensure a more secure remote model.

IoT Security Concerns

When the majority of workers operate out of a physical location, there are generally robust security procedures in place. It’s not always possible—or practical—to implement these when employees are working remotely. In addition, the WFH model introduces its own security concerns, ranging from weak passwords on personal computers, poorly secured wi-fi, or the family’s Alexa passing along malware.

So, what can be done to address these vulnerabilities? Some helpful tips for both IT departments and employees include:

  • Carefully vet collaboration tools before connecting them to help mitigate security vulnerabilities.
  • Do not reuse or share passwords and understand the implications of this poor practice.
  • Deploy technology that automates the detection and prevention of compromised credentials.
  • Watch out for remote-specific phishing scams such as Skype, Slack, and Zoom have all become popular phishing lures.

Network Security

Network security is another important consideration. Employees may be cognizant of security best practices in the office, but it’s not unusual for them to be much less vigilant at home. Companies with remote staff must educate them on home network risks, including the fact that many household products like baby monitors or smart TVs can introduce numerous security vulnerabilities. In addition, there is always the possibility that children or spouses could unintentionally download malware on the home network. For these and other reasons, organizations should encourage employees to set up a separate wi-fi account to be used solely for business whenever possible. It’s also important that employees use their VPN to access any files or systems when they are not physically working in the office.

The Danger of Workarounds

Another concern to be mindful of is the vulnerabilities that arise when employees look for workarounds—something that is increasingly common with remote or hybrid working models. Examples of workarounds include emailing confidential data to personal accounts or copying the information to a USB in the interest of convenience. There are various ways organizations can address this threat depending on what works best for them. For example, they can collaborate with IT to add new resources or files to the intranet or launch other digital services that make it easier for employees to do their jobs remotely. Regardless of how a company chooses to address the workaround vulnerability, it’s important that it also monitors for this activity and continues to educate employees on the threat.


The ubiquity of connected systems is one of the reasons the remote model is so successful. However, companies cannot invest in these technologies without considering the resulting security implications. In tandem with the considerations outlined above, companies also need to educate employees on digital best practices and provide additional guidance to deter would-be hackers and protect their business.

The security concerns associated with connecting a wide array of IoT devices and smart products will continue to grow as more companies embrace the remote model as a standard. As this happens, organizations will have to determine their acceptable tolerance level between keeping the business running and minimizing friction without exposing the company to a host of security issues. This is a cost-benefit decision that every organization needs to consider now.

Michael Greene
Michael Greene - CEO, Enzoic
Michael is CEO of Enzoic, a leading provider of compromised credential screening solutions. He has received industry awards including SC Media Reboot Leadership Award for Thought Leadership and Javelin’s Identity Protection Leaders in Prevention, ...
Michael is CEO of Enzoic, a leading provider of compromised credential screening solutions. He has received industry awards including SC Media Reboot Leadership Award for Thought Leadership and Javelin’s Identity Protection Leaders in Prevention, ...