Skip to main content

Government introduces new laws to protect users as smart device sales surge during lockdown

security
(Image credit: Shutterstock / Khakimullin Aleksandr)

The Government is introducing new laws to help protect users of smart devices. The pandemic saw a huge surge in sales of smart devices as the British public looked for ways to ensure that they could continue communicating and working effectively.

Government research found that nearly half (49 percent) of British households purchased a smart device of some kind during the lockdown period. The influx of new devices, and old ones brought back into service by those looking for an immediate resolution to their remote working issues, has offered an opportunity to cyber-criminals. There has been an increase in the number and level of sophistication of cyber-attacks, many taking advantage of users unfamiliar with their new device, or unprotected outdated equipment.

This in turn has had a knock-on effect on the risk of organizations becoming victims of cyber-crime with criminals gaining access to infrastructure and data via users working from home.

New devices, same issues 

The research also showed that six in ten people (57 percent) in the UK reported an increase in their household use of smart devices. This increased use of smart devices is likely to be a result of many things, but drilling down into the figures the age groups that have increased the most are those that are likely to be working (25-34: 65 percent; 35-44: 60 percent; 45-54: 53 percent; 55-64: 53 percent). One can therefore predict that many of these devices are being used for work purposes.

Office for National Statistics data has shown that 32 percent of the UK workforce is working remotely and in order to do so devices were needed to allow them to work effectively. Indeed, IDC found that during 2020 OC vendors shipped 302 million units across the globe, an annual increase of 13.1 percent.

Such a huge shift in working environments has inevitably meant there have been resulting issues. Bring Your Own Device (BYOD) has been a business issue impacting companies for several years. The security implications of employees bringing their own devices into the corporate environment are well documented with insecure passwords, older devices that are no longer supported or those that have not been recently patched.

This BYOD problem has been exacerbated by the pandemic. Employees are not only in many cases using their own devices but are now doing so outside the corporate network. Any measures of protection working in the office provided have now gone, but employees are still logging into sensitive networks.

One of the major issues is that older devices are no longer supported by manufacturers. This means that they are no longer automatically updated with the latest updates or security patches, leaving them vulnerable to attack. Many individuals have no idea as to when that support ended and are oblivious to the fact that as a result they are leaving the door open for cyber-criminals to enter. Another factor is that many of these new devices come from factories with universal default passwords such as ‘password’ or ‘admin’. Again, unless an individual changes these passwords they provide an open invitation for cyber-criminals to easily guess and gain access to whatever the individual had logged onto.

Government intervention 

With more smart devices being used in the UK and cyber-attacks increasing in volume and sophistication all of the time, the Government has stepped in to help protect individuals.

The new planned law means that customers must be informed at the point of sale the duration of time for which smart device will receive security software updates. It will also ban manufacturers using universal default passwords on devices helping to ensure criminals cannot simply guess the password to gain access to a device. There are also plans to make manufacturers provide a public point of contact to make it easier for members of the public to report vulnerabilities on devices. The legislation is intended to be introduced as soon as parliamentary time allows.

The Government’s intention here is promising. By forcing technology companies to be very clear about when devices will no longer be supported, individuals and organizations are better equipped to protect themselves and their networks as well as understanding how vulnerable they are without support.

The rate at which cyber-criminals are adding layers of sophistication to their attacks means that tech firms are constantly playing catch-up with security updates and patches anyway. Those that are no longer supported are therefore at a massively increased risk of being hacked. By adding these layers of transparency that outline when devices are no longer supported and ensuring better security when the equipment leaves the factory, the Government has gone some way to lower the level of risk to home workers.

Companies need to support employees 

Whilst the Government’s actions are an important step to placing some of the emphasis on manufacturers and tech companies, organizations also need to continue to support employees working outside of the corporate network. The upheaval caused by the pandemic has piled pressure on IT and security teams within organizations to ensure connections and devices are as secure as possible, whilst allowing business continuity.

Some are turning to consultancies to support IT security. Managed services gives departments and the C-suite peace of mind as it ensures a constant vigilance against cyber-attack. It also means that any patches or updates are recognized and implemented as well as an extended team to help employees work securely from home.

Such support alongside the Government’s actions will go a long way to help close vulnerabilities and the apparent ease at which cyber-criminals can gain access to devices and corporate networks. However, complacency cannot be allowed to drift in. Cyber-security is not a tick-box exercise, it is a constant and ever-changing environment in which companies have to support their employees to protect data.

AJ Thompson, CCO, Northdoor