With so many smart devices now all around us in homes and offices, we look at ways to minimise the risk of having your privacy invaded.
The Internet of Things (IoT)
IoT devices are those devices that are now present in most offices and homes that have a connection to the Internet and are, therefore, ‘smart’ and inter-connected. These devices, each of which has an IP address, could be anything from white goods, smart thermostats, digital assistants (Amazon Echo) to CCTV cameras, medical implants, industrial controllers, building entry systems, and even the car. There are now even smart malls and cities in some parts of the world. IoT devices transmit and collect data which can be processed in datacentres or the cloud and uses several different communications standards and protocols to communicate with other devices (Wi-Fi, Bluetooth, ZigBee or message queuing telemetry transport (MQTT).
Although the smart element of these devices can be used to improve their performance, it can also represent a risk to privacy and security. For example, smart security cameras and smart assistants are essentially cameras and microphones in the home. Also, W-Fi routers, smart lightbulbs and other gadgets and wearables collect and transmit personal data. The risk is that the private data collected by IoT devices and shared over the internet could be vulnerable to hackers around the world. This, in turn, can compromise security as well as privacy as the hacked/intercepted data is used for cybercrime and physical crime (e.g. burglary) using information gained from CCTV cameras. Other risks include:
- Hackers remotely taking control of devices to misuse them and spy.
- Some IoT devices have pre-set, default unchangeable passwords, if discovered by cyber-criminals, can enable the device to be take over and misused.
- IoT devices are prevalent and are often overlooked in security planning, leaving them unguarded and vulnerable to hacks and attacks.
- IoT devices are deployed in many systems that link to (and are supplied by) major utilities, e.g. smart meters in homes. This means that a large-scale attack on these IoT systems could affect the economy.
- “Shadow IoT” devices (i.e. connected to corporate networks without the knowledge of IT teams) also now pose a threat to organisations by allowing attackers a way to get into a corporate network. These devices can include fitness trackers, smartwatches and medical devices.
Actions that can be taken to retain privacy and limit the potential risks posed by IoT devices include:
- Securing your router by changing the default settings, i.e. the change the default administrative username, password, network name, and avoid using login names or passwords that contain your name, address, or router brand. Also, enable encryption and check for hardware and software updates.
- Changing the default username and password on IoT devices that connect to the router, using two-factor authentication (2FA).
- Not sharing passwords between devices.
- Taking time to understand what a device collects and how. Users may then make informed choices such a turning smart speakers or cameras off occasionally for privacy.
- Regularly updating each device’s firmware.
- Taking advantage of any extra security features on a device, e.g. enabling encryption or setting up a passcode lockout (“three strikes, and you’re out”).
- Disabling any data collection that is not seen as necessary on a device and disabling or disconnecting any devices that are not in regular use.
The threat of the IoT being used for cybercrime has prompted many businesses to start investing in IoT security solutions. According to a recent report by Meticulous Research®, the IoT Security Market could be worth as much as $59.16 Billion by 2029.
What Does This Mean For Your Business?
The IoT brings many advantages to businesses in terms of cost savings, the gathering of valuable data, monitoring and management. For consumers, smart devices deliver new levels of value-adding functionality and looking ahead, towns and cities will begin to rely even more on the benefits of IoT devices and systems.
However, smart devices come with a privacy and security risk if certain steps are not taken such updating firmware, changing default passwords, and disconnecting them when they’re not needed. For businesses, IoT security has become an important issue and demand for it has increased in many industries and organisations. This demand is being driven by an increasing number of ransomware attacks on IoT devices, and an increase in the number of IoT security regulations.
The risk may be even greater now in the light of the war waged by Russia on Ukraine. Businesses, therefore, need to take an audit of which IoT devices are in use and make sure appropriate measures are taken to maximise security and privacy.
By Mike Knight