How secure is your doorbell?

July 16, 2025 How secure is your doorbell?

Thanks to ongoing publicity over the impact of data breaches, the chances are that all organisations are well aware of the importance of data security and of keeping computer systems secure. It’s a topic which we cover on an ongoing basis; with our most recent article in April looking at the cyber code of practice.

But can companies afford to be complacent if the security of computer systems and data module security are covered by risk appraisals and/or business continuity plans? Well, not entirely. Sometimes the most innocent of devices can in fact be a scammer’s conduit to the inner workings of an organisation. These enterprise connected devices, otherwise called Internet of Things devices, are often overlooked but could turn out to be the fatal flaw in a company’s defences.

So what are we talking about here? Our headline might single out door entry systems, but we might equally have picked on printers, internet-connected phones, room booking apps, or even smart heating systems.  In fact, just about any connected device in and around the business is a potential point of vulnerability. According to research published in May 2025 those vulnerabilities include:

• outdated software which is easier to hack into,
• devices being set up and run with ‘privileged user access’ which means anyone who gained access to the system would have unrestricted control,
• devices set up so that anyone with physical access to the device can compromise it or install a persistent backdoor which enables future remote access,
• insecure configuration of services, applications, or features.

In 2024, the government called for views on cyber security as it relates to AI. Now, in a follow up to the original survey, the government is calling for views in respect of the cyber security of enterprise connected devices. The consultation which was launched in May 2025 was originally scheduled to close at the beginning of July but the closing date has now been extended until Monday 4^th August.

The aim of the consultation is to develop and deliver a code of practice for enterprise connected devices. Proposals include the regular provision of security updates, strong authentication procedures and the maintenance of device integrity. Also included are measures to minimise the privilege and reach of applications and constrain the use of device interfaces. By minimising the way in which devices interact with other applications, organisations should be able to better control access to devices whilst also reducing the potential impact of breaches.