IoT Devices in the Workplace

Abstract

The Internet of Things (IoT) is reshaping industries and so is the employees' range of informal-IT usage in the workplace. This research study assesses the emerging risks and threats that arise from the increasing prevalence of employee-owned IoT devices in the new wave of IT-consumerism within enterprise premises. Most enterprises have adapted to the change brought by the personal-IT devices such as laptops, smartphones, and cloud applications, and have introduced security policies of either allowing under Bring Your Own Device (BYOD) environment, or completely restricting its usage in preventing unauthorized access to sensitive information assets. Existing research has started focusing on possible threats of employee use of IoT devices that are outside the control of IT management. This study presents a theoretical explanation of three key aspects that are discussed in the existing scholarship: threat dimension, detection, and prevention of IoT enabled Insider threat.A systematic meta-analysis comprising of 15 research studies in current scholarship examining IoT enabled Insider threats in the workplace. Through analyzing the reported measurements and consolidating findings through systematic classification in various themes, this document identifies and systematically highlights various specific attack vectors, detection mechanism of IoT enabled malicious and unintentional threats, attack incidents/scenarios and ways and means to prevent the insider threat emerging from employee use of personal/consumer IoT devices. Based on the findings, a framework of IS research and responses to IoT enabled Insider threat by integrating and extending the work done on understanding such risks. The framework highlights the gravity of risk areas and challenges in preventing sensitive data assets of enterprises for future research.