Drones and Small Business Cybersecurity
Drones are being used for many creative tasks. They are now used to deliver packages and take-out. Pizza express, anyone?
Cowboys may no longer need to ride the fence to look for damage. A rancher can send a drone with instant video and GPS details to the ranch house. Repairs can be schedule efficiently. Farmers can send a drone over their fields to look at crop growth and water levels. They can then remotely turn on needed irrigation. Real estate agents can provide up to the minute views of a neighborhood to a prospective buyer. Buyers can see what their prospective neighborhood backyards look like. Search and rescue workers can send a drone in advance to aid their location efforts and identify the shortest route to a victim.
And drones are not just for the outdoors. A drone can fly down corporate hallways, through warehouse alleys and inside large venues. How about a drone to capture your wedding from above?
With fabulous ways on the horizon to proactively use drones, there will likely be increased risk as well. Drones can go places that security fences can’t stop.
Not your kid brother’s toy drone
“Hobby” drones typically have a camera and GPS service. As Scott Schober said in his blog, “think of them as flying smartphones without the screen”. They can be flown 3+ miles away from the controller and be in the air 25-30 minutes. The cost for a hobby class drone can range from $200 up to $1,500. Some drones have target tracking feature as well. As the market continues to expand, more features will be added to attract diverse customers.
Potential risks include a hacker modifying a drone to intercept signals between a WI-FI user and a public or other accessible network. A mobile device could be tricked into thinking it connected to a legitimate network but the transmissions actually were being rerouted to the drone’s ground crew and resent to another location.
Or equally deviously, a drone could intercept and reroute communications from a WI-FI system on a company’s campus. Data harvesting could occur without the network administrators’ knowledge.
Jeff Melrose Sr. Principal Tech Specialist at Yokogawa USA gave a detailed presentation at Black Hat convention in 2016 on interception tests. It is fascinating reading for anyone wanting more test information.
Another risk area is a hacker attacking your drone to steal the data the drone is gathering. If you are managing aspects of your business by drone, it is conceivable that a competitor or nation state wants your information.
What businesses should do
Explore a variety of drones for your business purpose. Don’t decide on a model only on price. Find out what type of security it has and how frequently and easily the security software will be updated.
A drone is a mobile Internet of Thing device. Just as you wisely evaluate security measures for other IOT products, apply rigorous review of security measures. Think the worst of what a drone could do and plan accordingly.
Talk to your insurance agent as you make your decision on drone usage. This is a new area of insurance and you should learn about the coverage needed for potential damage caused by your drone.
Evaluate establishing a company policy on use of personal drones in the work space. While there are a number of positive uses (just as the first mobile phones used in the office were often personal ones rather than company ones), be sure you are able to protect your computer network from casual drone usage that might have a malware infection.
About the author -
Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.