In recent years, the Internet of Things (IoT) has vastly changed the way we view, use and interact with smart devices, especially in the business world. Internet-connected virtual assistants, appliances, security systems and more can all communicate and coordinate with each other, allowing business owners to automate and streamline mundane, time-consuming activities.
But for all the conveniences IoT devices afford us, there’s still one major concern that users need to consider: security. Anything that’s connected to the internet has the potential to be hacked and misused. This is especially unsettling considering the amount of personal data IoT devices collect and use.
Members of Young Entrepreneur Council discussed their top security concerns related to IoT, as well as how they’re protecting their businesses and customers.
1. Default ‘Raw Data’ Storage
Many developers default to saving data in raw form, provided they have the storage capacity to do so. But in an age when federal law enforcement officers choose to follow unconstitutional orders, storing data can be life-threatening. Whether a company sells a product to law enforcement officers or merely retains data that could be subpoenaed, evaluating how IoT devices and the data they collect can be used to endanger people is a part of modern risk assessment. Setting clear policies on anonymizing user data, as well as data retention, can help limit potential problems. But if you work with a homogeneous team, you won’t be equipped to see how some data may be used. While consultants can help on this point, hiring diversely is more effective and less expensive. – Thursday Bram, The Responsible Communication Style Guide
2. Insecure Devices
Software security is a fundamental problem for the Internet of Things. Before the IoT, businesses had to worry about updating their servers, content management systems, and desktop computers. Today, they have to worry about updating everything from connected coffee machines to security cameras. Businesses are bringing insecure devices into their networks, and then failing to update the software. Failing to apply security patches is not a new phenomenon, but insecure IoT devices with a connection to the open internet are a disaster waiting to happen. Criminals can hack insecure security cameras, for example, and use them as beachheads to access the rest of the company’s network or combine thousands together into botnets to launch devastating DDOS attacks. – Vik Patel, Future Hosting
3. Trolls And Bad Players
One of the most notorious examples of IoT and security involves a troll who managed to send white supremacist literature to online printers all over the world simultaneously. This action showed both the overwhelming reach that this new technology holds and its vast potential for corruption. This single action terrified me more than any other exploit, leak, or hack since it showed me how vulnerable we are to those who may want to use this technology for evil purposes. To prevent this, I have adopted IoT technology sparingly and only after an exhaustive vetting process. Despite all of the amazing possibilities this phenomenon can provide, I just can’t trust its security and the intentions of those around me. I’ve passed this paranoia on to my clients, and they seem to appreciate my concern. – Bryce Welker, Crush The LSAT
With devices all around us, all collecting data, all accessible remotely, there is a new ability to measure and monitor individuals and groups behavior. Organizations have to have a new level of protective measures to ensure this data is not able to be hacked into from the outside. Two key aspects are network security and the encryption of the data. You can go to providers such as Cisco, Bayshore Networks, or Senrio to get new levels of network security. For encryption, look to providers such as Cisco, Entrust Datacard, Gemalto, HPE, Lynx Software Technologies and Symantec. There are many limitations to securing IoT devices so you’ll need to find solutions that work best for your organization and specific device types. – Baruch Labunski, Rank Secure
5. Lack Of Updates
Without a verified update cycle, most IoT devices will eventually get hacked. It may not be in one year, but it could happen as devices get several years old. It is not uncommon to see devices five to seven years old in use in offices and at home. After many years, the original manufacturer could be out of business. Even if in business, their teams could have moved on to other projects and lack support of the product. Thus, the reliability of future updates is at stake. When purchasing IoT devices, we try to pinpoint manufacturers who we believe will be around for years to come and have proven to update older products when there is an issue. – Peter Boyd, PaperStreet Web Design
6. Data Breaches
As we have learned from the recent Facebook debacle and the millions of personal data that they have shared with its partners, the IoT faces a similar threat as more and more devices join the network and share data. Millions of data points will be collected as devices track our every behavior (for example from when we wake up to how many times we open our refrigerator door) and this data can potentially be shared among a number of different network participants. Unlike Facebook, which is a single entity that controls most of the data, the IoT will see various major players. Managing (and protecting) user’s private data will be a challenge new to this industry. – Diego Orjuela, Cables & Sensors
7. Compliant Data Storage
The Internet of Things is generating a huge amount of data that must be processed and stored. Millions of devices will generate petabytes of data, some of which will be linked to identifiable individuals. Canada (PIPEDA) and Europe (GDPR) — and the U.S. to a more limited degree — have regulatory regimes around the privacy of personal data and the penalties can be devastating. As businesses collect more data via the IoT, they must take care not to suck up personal data without storing it securely and in accordance with international privacy standards. As a server hosting provider with data centers in Canada, Europe, and the US, we are compliant with the GDPR and implement a huge range of server, network, and physical security measures to ensure that data is kept safe. – Justin Blanchard, ServerMania Inc.
8. DDoS Attacks
The rise of IoT has meant there’s a huge amount of internet-connected computing power that simply didn’t exist before. If hackers can gain access to insecure devices, they can take down huge portions of the internet by simply hammering servers with relentless requests from thousands or millions of connected devices (DDoS, or distributed denial-of-service). Even if you’re not an IoT company, you probably rely on the services that will be the targets — Amazon AWS, Google Cloud, Github, or Facebook, all of which have a big target on their back and all of which are now providing critical infrastructure to businesses. You should always have a Plan B, or at the very least, elegant fallback for if and when you lose access to key technological components of your software setup. – Tim Chaves, ZipBooks Accounting Software
9. Sensitive Data Storage
To be honest, I’m not sure if there is anything anyone can do to stop the world’s best hackers. Many of them are even capable of hacking into government systems. I take a different approach of not storing super sensitive data in our own database. For example, my e-commerce company does not store credit card information in our database. Even when you offer a recurring billing service, you can always store that sensitive info in a payment gateway’s server (Braintree, PayPal Pro, Authorize.net, etc.). This will allow you to manage recurring billing services without needing to save credit card data on your server, further protecting this information in the event of a data breach. – Shu Saito, All Filters LLC
10. Smartphone Security
While my business is about SMS marketing rather than IoT, the common denominator is the widespread use of smartphones. I always urge my clients and employees to be vigilant about safeguarding their phones and apps as this is the entry point hackers often use to gain access to private data. Be sure to use secure passwords and be careful about who you share them with. Be cautious about downloading apps connected to smart devices. Make sure the vendor is trustworthy and be careful about the permissions you set on your apps. When it comes to IoT, you might also want to think about how much automation you really need. Sometimes it just makes your life more complicated, as well as less secure, to have everything connected and automated. – Kalin Kassabov, ProTexting