Any device connected to the office network - whether a printer, smart thermostat, or videoconferencing device - can be hacked.

If cybercriminals breach these devices, they can access information on other network-connected computers and devices or infect them with malware or ransomware to shut down operations. Hackers target these IoT devices because they are generally not as well-protected as computers.

The security advisor for HP Print recommends that employees who purchase IoT devices for their organization ask manufacturers what security measures they built into the devices and how security can be updated throughout the life of the devices. Purchasers should do this not only for computers and smartphones, but also projectors, monitors, or any other network-connected device, even if the device itself does not store sensitive information.

Always change the default password on IoT devices. Default passwords are easy to guess and are generally the first ones tried by hackers. Plus, a password may be all that protects the device from hackers because many devices lack sufficient security software. Use a unique, strong password for each device, one that is at least 10 digits long, using a combination of numbers, letters, and symbols. 

When a smart device does not need to be connected to the network, disable it. Keep software on IoT devices updated with the latest patch, just as you would with computer software. Finally, turn off “universal plug and play” (UPnP) because this feature makes it easier for hackers to find and access IoT devices.

Include IoT and network security in your annual cybersecurity training for employees. Do not allow employees to connect personal IoT devices to the organization’s network.