The internet of things (IoT) has resulted in integrated workplaces and homes as smart thermostats, washing machines, security systems and wearable tech devices mean technology is making our lives even easier. However, data from the Internet Crime Complaint Centre (IC3) shows that personal data breaches are one of the most prevalent and fastest-growing cyber crimes in the U,S. With 50,000 people affected by data breaches in 2018, the risks to online security that IoT devices pose can no longer be ignored.
At home, digital assistants such as Google Home and Amazon Alexa often form the center of IoT networks that allow users to operate a number of devices around their homes using their voices. However, recent news about the way recordings taken by the devices are shared with other human listeners within the parent company has led many to question the level of trust consumers place in these companies to protect their personal data—and how much we should be sharing when Alexa is in earshot.
In addition, other IoT devices such as light switches and security systems often operate on much weaker security restrictions, which could leave the entire network open to hackers. Some devices save the network Wi-Fi password insecurely, meaning hackers could break into the system through the washing machine and end up monitoring all internet use or even accessing personal data.
The same issue can occur in workplaces where interconnected devices such as security systems and coffee machines can be connected to the main network and leave the entire framework vulnerable to opportunists. In much the same way, security teams need to be aware of every device that interacts with the network to ensure the organization is following strong security practices at each point of access.
Bring-your-own-device (BYOD) policies also pose an issue to company security, as devices brought from home may not have the same level of security as the rest of the company. That could allow hackers to exploit the discrepancies and access the personal data of staff or clients.
What’s the Solution?
Blockchain technology is a hot topic specifically in relation to IoT tech, and is seen by some as the answer to IoT security concerns. The main benefits of blockchain are its decentralized infrastructure, so there is no one point of access that could compromise the entire system, and its ability to record timestamps for every device which interacts with it. In the workplace, a blockchain could be well-utilized to ensure that only approved devices have access to the system and that any attempted breaches or unauthorized access is recorded so it can be dealt with quickly and effectively.
For companies that operate a BYOD policy, having a separate network for staff to access using their external devices will help avoid break-ins that occur because of different security standards.
However, neither of these solutions are realistic in the home, so the most likely solution to IoT security issues will come from the creators and manufacturers of the devices. In the rush to get these devices on the market, manufacturers have neglected the security aspects of their interconnectivity; this will need to be resolved before consumers can be certain their personal data is safe.
Customers with home assistants will need to consider the cost of sharing so much of their private data with the companies who own them before making them a part of their integrated homes. Big tech companies should also be required to be more explicit about how they handle their customers’ data and why, to avoid any upsetting surprises such as the recent leaks from Google.
In all, data privacy is the responsibility of everyone and the risks and solutions need to be considered at every point of connection to tackle the rising threat of personal data breaches.