June 2026 Cyber Insider Newsletter

Your Office Is Getting Smarter. But Is It Secure?

June's Cyber Insider takes a look at IoT (Internet of Things) devices. We walk through why securing these devices is important, and how your IT department can assist in locking them down.

Share Article

An Note from Andy Larin, CEO

Most business owners are quite familiar with routine reminders to install software and hardware updates. We know they matter. We know skipping them creates risk. This practice, often called patching, is a standard part of cybersecurity for modern business. 

What's less understood is that the same principle applies not just to computers but to every internet-connected device in your office. That’s a list that is growing – fast. Smart TVs, routers, thermostats, security cameras, printers: all of them run software, and all of them need to be kept current. 

Smart technology genuinely improves how businesses operate, and I don't want to suggest otherwise. But the "connect and forget" approach many businesses take with these devices is increasingly where attackers find their way in. This month's Cyber Insider takes a practical look at IoT security: where the risks come from, and what a well-managed smart office actually looks like. I think you'll find it eye-opening. 

Here's to working smarter — and safer, 

Andysig


FEATURED ARTICLE 

Your Office Is Getting Smarter. But Is It Secure? 

Think about how many devices in your office connect to the internet. Your laptop, obviously. Your phone, of course. Then there’s the office printer. But what about the smart thermostat in the hallway? The conference room TV you pull up for video calls? The Wi-Fi enabled security camera above the front door? The robo-vacuum that cleans up each night? 

All of those devices are part of what's called the Internet of Things — IoT, for short. With an estimated 22 billion IoT devices now in use worldwide, the "smart office" is here to stay. 

That's mostly a good thing. Smart technology saves energy, improves efficiency, and makes day-to-day operations easier. But it also introduces a question that most businesses aren't asking: who's responsible for keeping these devices secure? 

Why IoT Devices Are a Target 

Unlike your computer or phone, many smart devices don't auto-update or prompt you to manually patch them. And while we hope these devices are secure when they are initially installed, they tend to stay in service long after they've stopped receiving manufacturer support. 

From default passwords to vulnerable firmware, internet-enabled devices can sport some very exploitable weaknesses. For example, a smart thermostat inside a fish tank was used to breach the network of a casino, proving that even “harmless” devices can become a gateway to valuable data.   

5 Commonly Overlooked Security Issues with IoT Devices 

  1. Default Passwords
    Many devices still ship with default logins like admin/admin. Those details are widely available online making attacks much easier for hackers. They actively scan for, and attack devices where these credentials have not been changed.
  2. Unpatched or Unsupported Devices
    IoT devices don’t always receive regular software or firmware updates. In some cases, manufacturers stop providing support after just a few years. Once that support stops a device is considered EOL (end-of-life). That means any newly discovered vulnerabilities remain open indefinitely, giving attackers an easy way in.
  3. Flat Networks with No Segmentation
    In many offices, smart TVs, cameras, and thermostats share the same network as workstations and servers. This allows a successful attacker to access the network and move laterally into more critical systems (see this months “Tech Tip” for more information on Network Segmentation).
  4. Shadow IT and Unmonitored Devices
    It’s common for employees to connect smart gadgets — such as voice assistants or fitness trackers — without notifying IT. These unmanaged devices often go unnoticed, unpatched, and unmonitored, creating invisible risk.
  5. Consumer-Grade Tech in Business Environments
    Many offices use consumer devices designed for home use, which typically lack enterprise-grade security controls or update mechanisms. Over time, these devices become soft targets. 

The Connect-and-Forget Problem 

Smart devices tend to get far less scrutiny than computers and attackers are increasingly exploiting that gap. A conference room TV with two-year-old firmware, a printer still using a default password on the same network as your financial records — these aren't minor oversights. They're open doors. 

The good news is that closing such gaps just requires a clear plan and a few consistent habits — which is exactly what this month's Bulletproof Your Business section covers. 


BULLETPROOF YOUR BUSINESS 

Your Smart Office Checklist: 6 Steps to Secure Every Connected Device 

Smart devices earn their place in a modern office. But left unmanaged, they become the path of least resistance for attackers. The steps below aren't complicated or expensive — they're the consistent habits that separate a secure smart office from a costly incident waiting to happen. 

  1. Change Default Credentials on Every Device 
    Most IoT devices ship with factory login credentials like "admin" and "password" — and those defaults are publicly available online (this includes printers!). Before any new device touches your network, change the username and password to something unique and strong, and store it securely in a business password manager. One unchanged default login is all an attacker needs to get a foothold. 
  2. Keep Firmware Updated — And Replace Old Devices 
    Firmware is the software running inside your device and it can have vulnerabilities. Manufacturers release updates to fix them — but they only work when someone installs them. Make firmware updates a regular part of your IT maintenance cycle. If a device is no longer receiving updates from its manufacturer, it's time to replace it.  
  3. Enable Multi-Factor Authentication Where Available 
    Many IoT devices are managed through a cloud portal or mobile app. Wherever MFA is offered on those platforms, enable it. Even if a password is stolen, MFA blocks unauthorized access at the login stage. This single step stops the majority of account takeover attempts before they ever succeed. 
  4. Put IoT Devices on Their Own Network 
    Your smart TV and your accounting software should not share the same network. Keeping IoT devices isolated — such as on a guest Wi-Fi — means that if a device is ever compromised, the attacker can't easily pivot into critical systems that house your business data. 
  5. Know What's Actually Connected 
    Maintain a simple inventory of every device on your network and review it regularly. Remove anything that's unsupported or no longer in use. Ask your IT provider to run periodic scans for unknown or unauthorized devices — the results often surprise people. 
  6. Check With Your IT Partner Before Adding Anything New 
    Before a new smart device gets plugged in — whether it's a connected TV for the boardroom, or a voice assistant for the reception desk — run it by your IT partner first. They can help you select and safely configure your new device from the get-go, helping you avoid unnecessary cybersecurity risk.   

The Bottom Line: Smart devices are worth having — but they need to be managed like any other piece of business technology. These steps won't take long to implement, and they close gaps attackers are exploiting every day. 

→ Not sure what's hiding on your network? allCare IT can conduct a full network audit and help you build a smarter, more secure office. Contact us to get started. 


TECH TIP 

Network Segmentation: A Simple Security Measure with Immense Benefits 

Think of your office network like a building. Without proper configuration, it's like one big open floor plan — once inside, a visitor can potentially explore every corner of the space.  

Network segmentation divides that building into separate, access-controlled rooms. Each part of your network is isolated so that a user or device in one segment can’t see or interact with a device in another segment.  

A familiar example would be Wi-Fi access at a hotel. Authorized visitors are given access to a “Guest” network, while the hotel’s administrative systems are kept completely separate and inaccessible.  

Segmentation can be accomplished in various ways, but the most common would be:  

  • guest Wi-Fi networks set up through the router or access point
  • VLAN (Virtual Local Area Network) configured with your firewall and switchIt's less complicated to set up than it sounds, and the protection it provides is significant. 

Here's why it matters: if an attacker compromises a poorly secured smart device, segmentation stops them from using that device as a bridge into your critical business systems. The breach stays contained — instead of spreading across your entire network. 

Goal: Ask your IT provider whether your IoT devices are currently isolated from your core business network — and if not, request a network assessment. 


SERVICE SPOTLIGHT 

allCare IT Patch Management: Every Device. Always Current. Automatically. 

This month’s topic made one thing clear: unpatched software is one of the most consistent — and preventable — causes of security incidents.  

It’s challenging for most businesses to stay on top of this vital task. Between operating system patches, application updates, firmware cycles, and driver releases across every device on your network, keeping everything current is a full-time job. That's why allCare IT handles it for you, powered by the #1 rated Patch Management software platform: NinjaOne 

Our patch management service continuously monitors and maintains every device under our care: 

  • Automated patch deployment — critical updates are tested and pushed to your systems on a consistent schedule, without disrupting your team's workday 
  • Full patch visibility — a clear, up-to-date picture of the patch status of every device on your network 
  • Third-party application patching — not just Windows updates, but browsers, PDF readers, and other commonly targeted applications 
  • Compliance documentation — a maintained patch history that supports cyber insurance requirements and audit readiness 
  • Proactive firmware tracking — helping you stay on top of connected device lifecycles alongside your traditional endpoints 

 

The Bottom Line: Patching is one of the highest-impact things you can do to reduce your attack surface. allCare IT makes sure it actually gets done. 

→ Want to know the current patch status of your network? Contact us to get started.