Get Smart! Mitigating Risks in IoT

Smart devices, or Internet of Things (IoT), may be the panacea for consumer convenience. Do you want to know and change the temperature of your house or even your fridge remotely? There's an app for that. Such devices also raise extreme privacy concerns about the data collected about you. Devices can track or discern details about your life based on usage and interaction. And that data could potentially be aggregated with data coming from other smart devices, painting a fairly robust and accurate profile of you and your life.

Your fitness-tracking device serves as an alarm clock. Not only does it track the time that is set for the alarm, it also tracks the interaction when you shut it off. Maybe your coffee maker tracks when you start the brew (unless you're from the Coffee Old School). Consider that your car tracks what time it is started, how far it is driven, and the GPS location(s) where it is parked. These data points are provided to you as the consumer, but are also presumably used by the manufacturer. It's only 9:00 a.m. and the smart world already has collected or observed several key privacy factoids about you. Remember, where data exist so does the risk of data exposure.

Protect Your "Things"

Devices geared toward consumers will continue to push convenience over privacy, and consumers will continue to call for greater connectivity and convenience. That means more connected devices and ongoing evolution for more information, interaction, integration, and automation. It's no longer a question of whether your home devices should be connected, many require connectivity to function. As consumers, we need to proactively assess the risks of such connectivity. When those risks are greater than our threshold risk tolerance, we need to take steps to minimize those risks.

Take the following steps to protect yourself when you start using a new device:

  • When you bring home a new consumer device, check to see if it's transmitting. Ask whether you need that device to be connected. What are the advantages of having your fridge broadcast the whereabouts of your cheese? Is the potential to activate remote maintenance with the manufacturer important to you? Do you want to interact with that device remotely? Then by all means, keep that connection. If you don't need the maintenance options or to monitor and interact with the device remotely, turn off the device's connectivity.
  • Periodically scan your networks to make sure you know and manage what's online. If you want devices to be connected, be proactive. Find out how they connect; how devices are patched; what the default security settings are; and what data are collected and how/when/where the data are transmitted. Protect your home wireless network(s) with strong password management, active maintenance practices, and vigilance.
  • Use the same cybersecurity hygiene on your smart devices that you use on your computer. While it may be revolutionary that your car is now essentially a computer on wheels, it's still a computer connecting to the Internet. You don't have to become a cybersecurity expert, but you may want to find a few trusted sources of security advice for consumers.

It's time to get smart about your devices, manage them appropriately, and reap the rewards of their convenience.


Learn more about securing IoT home devices with this SANS OUCH Newsletter.
Download NCSA's infographic Your Privacy in a Growing Internet of Me.
Learn about the types of data your connected car might collect.