The Internet of Risky Things

IoT
Written By Simon Hunt
The Internet of Risky Things

Before you install an Internet of Things (IoT) device into your home or business, think long and hard about what data it is collecting and where that data is being sent.

IoT Good or Bad?

There is plenty of noise in the tech media about the Internet of Things (IoT). Despite the coverage, people still aren't quite sure whether it’s a good or bad thing. Less than two years ago, there was a huge attack on an Internet service provider in which a botnet of IoT devices played a large part and made a portion of the Internet unavailable for a while. It was a significant moment which raised questions about the security of IoT. Whilst IoT security is now more in the spotlight, the potentially bigger problem of privacy risk isn’t receiving the same attention.

The Data Harvest

The low cost and ease of implementation means manufacturers are going to put Wi-Fi-connected chips into just about every device we use in our homes and businesses. IoT is unavoidable. The low costs combined with the incentives that companies have to harvest data on user behaviour, should be ringing alarm bells. Imagine your oven, refrigerator and microwave have data-collecting chips in them, all with the stated purpose of providing a benefit to you. The manufacturer can collect usage data, from the times of day and how long you use them, to what food is being prepared or stored in the freezer. This data could then be combined with information you may have previously provided when you signed up, such as where you live and your household income, to form a more detailed picture of your day to day life and habits. In the 21st century, this may not seem so terrible. Until something bad happens. And it will.

IoT Small Business Risk

The risk can be even greater for businesses that introduce IoT devices. Consumers might get anxious when they think about their internet attached devices monitoring them and listening to their conversations, but businesses are behind the curve in assessing the potential issues. Before you deploy web enabled devices in your organisation, stop and think about what kind of data is going to be collected and where it might be going. For businesses that value their privacy, this could be critical.

Coffee shop owners are purchasing devices intended for home use to monitor and protect their business. The system is connected to their Wi-Fi network using default configuration options and the owners aren't thinking about the potential nightmare, should they lose control over that device, because it isn't secure. If the device is subsequently hacked, criminals can monitor customer traffic and flow, and could even zoom in on credit card numbers if the camera happens to be near a cash register.

IoT Risks in Larger Enterprises

The risk does not just exist for small businesses. Medium-sized and corporate businesses often make use of things like smart TV screens. Smart TVs are usually connected to a wireless network to display analytics and statistics and you may not be surprised to find that many of those TVs are connecting back to their manufacturers to gather advertising information and usage statistics. Some new TVs have webcams on them with incorporated microphones. Many businesses also have cameras covering the lobby and entrances. Data about peoples’ comings and goings and what they are doing is being recorded and stored in the cloud, often protected only by a password that was never changed from the default.

Be Aware and Plan Accordingly

The advice is not that you should banish IoT devices from your home or business. It’s more that you need to think about a few things first before you invite these devices into your lives. Weigh-up the risks and benefit when it comes to purchasing Internet-connected devices. Is the risk worth it, if the data got into the wrong hands? If the data is stored in the cloud, make sure you are using long and strong passphrases and enable two-factor authentication everywhere you can. Keep the device software updated and protect the data they produce (if you can).

Make a conscious, risk-aware decision and plan accordingly. Be aware of what information you are giving away. Read the privacy policies of the IoT device manufacturer. If they are collecting your data, they legally have to disclose it.

The potential for IoT devices is huge. No one knows exactly where the industry is going to go or what is likely to happen. Tread carefully.

Simon Hunt
Previous

GDPR and CCTV - What's New
Next

It’s Not All About Consent - GDPR Legal Basis for Data Processing