Story image

Why Australian businesses must secure guest access and IoT devices

24 Apr 18

Australian organisations must be aware of their responsibilities surrounding data breach legislation – and that includes making sure any Internet of Things (IoT) devices are properly secured.

Networks need to be fully compliant – and that includes devices and applications used by contractors, third parties, and guest that plug into the network, says Wavelink.

“Organisations must also realise the value of the data they possess. Contractors, third parties, and guests plugging into the company’s Wi-Fi network must be limited to accessing only the data they require. Everyone, including third parties, must comply with company security policies and practices,” comments Wavelink’s national business developer for Fortinet, Hugo Hutchinson.

“Security breaches affect a company’s reputation and may result in significant consequences, with the cost and ramifications following a security breach potentially far more than the cost of initial investment in adequate protection measures.”

Eligible Australian businesses must now report notifiable data breaches (NDB) to the Office of the Australian Information Commissioner (OAIC). The OAIC’s first published quarterly report found 63 breach notifications were received in the first six weeks alone, the company says.

With the introduction of Europe’s General Data Protection Regulation (GDPR) in May and other countries, including New Zealand, expected to introduce similar legislation, organisations need to comply with more regulations than ever. For example, GDPR affects companies in any country that does business with customers in Europe, which means many Australian companies could be subject to the legislation and some might not even know it. 

IoT devices are of particular concern, the company notes. They include wearable technology, voice-activated devices, and smart appliances. Because they don’t generally come with inbuilt security, they are vulnerable to unauthorised access.

“Schools and hospitals are subject to NDB requirements and they tend to be prolific users of IoT devices, as well as having hundreds of users, including guests, accessing their networks. These organisations must operate an appropriate security and compliance system otherwise they may held liable for any breaches that may occur,” Hutchinson says.

Businesses must be able to see IoT devices on a network, authenticate, and classify them so they can be protected. That requires visibility, segmentation, and protection through an entire infrastructure.

“Businesses shouldn’t assume that IoT devices are inherently secure because they’re not. Before connecting any IoT device to the network, businesses must change the default usernames and passwords at a minimum. From there, it’s still crucial to implement a security solution that delivers visibility and control into what devices are connected and how they’re being used,” Hutchinson concludes.

Accenture 'largest Oracle Cloud integrator in A/NZ'
Accenture has bought out Oracle Software-as-a-Service provider PrimeQ, which now makes Accenture the largest Oracle Cloud systems integrator in Australia and New Zealand.
Australian businesses get serious about SD-WAN
"SD-WAN is doing to enterprise networks what virtualisation did to enterprise data centres almost a decade ago, but it's happening much faster."
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
White box losing out to brands in 100 GE switching market
H3C, Cisco and Huawei have all gained share in the growing competition in the data centre switching market.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
How Fujitsu aims to tackle digitalisation and the data that comes with it
Fujitsu CELSIUS workstations aim to be the ideal platform for accelerating innovation and data-rich design.
Genesys PureCloud generates triple-digit revenue growth year on year
In Australia and New Zealand, the company boosted PureCloud revenue by nearly 100%.