Let's Talk IoT
Updated: Dec 17, 2019
I'm sure you've all heard this before, so we'll just say again:
It's all connected.
Unconvinced?
We promise that the next tab you open will run an ad on your latest Google search -- but in the meantime, let's talk IoT.
The Case
With the advent of all things "smart", internet connected devices capable of storing, sensing, processing, and transmitting or receiving vast amounts of data, it quite literally is impossible to ignore the elephant in the room:
The ever expanding cyber (attack) landscape.
At this point it is entirely safe to say that our lives as we now (and perhaps forever will) know it, run on tech. From virtualassistants on our mobile devices (phones, tablets, and laptops) like Siri and Alexa, to wearabletech like Garmin or Fitbit, one thing is abundantly clear: IoT is here to stay.
Associated Risks
An exploitation of default passwords to send malicious and spam e-mails, or steal personally identifiable or credit card information.
Compromising the IoT device to cause physical harm.
Overloading the devices to render the device inoperable.
Protective Measures
Whether you're Apple or Android, tablet or PC, smart watch or laptop, here are a (5) data storage and security-related questions that all IoT device owners should ask of themselves:
1). How safe are my internet connections and web browser? The below are just some ways IoT devices connect to and authenticate on the web.
WiFi
Bluetooth
USB
Security Certificates and Certificate Authorities (CA)
The stability and security of your internet connection is paramount to safety of your device and by extension, your personal data. Equally important is a website's Security Certificate which is a validation and encryption tool. A trusted certification authority (CA) verifies the identity of the owner of a website and the certificate ensures (you) the user that the website you are connected to is safe and secure.
2). What exactly is being done with my data, and where was my device made? The below are key disclosures companies share with you concerning the use of your data.
AUP - acceptable use policies
TC's - terms and conditions
PPs - privacy policies
Once your data leaves your device it is entirely out of your control. Both direct and third parties are required to disclose how and with whom your information is shared with. So be sure to explore the above in order to know more about how your data is used. Purchase IoT devices from manufacturers with a track record of providing secure devices. Patients should be informed about the capabilities of any medical devices prescribed for at-home use. If the device is capable of remote operation or transmission of data, it could be a target for a malicious actor;
3). Where exactly is my data stored? Know if and when the below is being done.
Backup
Frequency
Data privacy and protection are the coin of the realm, and your IoT devices are key gateways. Regardless of where you backup your data to (Google Drive or iCloud), ensure that your personal information is sufficiently safeguarded and readily accessible.
4). What are my applications up to? The below are key openings attackers will use to exploit your IoT device.
Permissions
Vulnerabilities
Data Usage
The applications that run on our devices probably constitute the majority of our network activity. Running updates, knowing what they have access to, what requests and replies are being sent from or to them, and just how much (data) bandwidth is being consumed are all key to deriving just how safe they actually are.
5) How effective are my password management practices?
Ensure all default passwords are changed to strong passwords.
Do not use the default password determined by the device manufacturer.
Many default passwords can be easily located on the Internet. Do not use common words and simple phrases or passwords containing easily obtainable personal information, such as important dates or names of children or pets. If the device does not allow the capability to change the access password, ensure the device providing wireless Internet service has a strong password and uses strong encryption.
#IoT #datasecurity #networksecurity #devicemanagement #cybersecurityawareness
Supporting source: https://www.ic3.gov/media/2015/150910.aspx