Think Before You Connect to the Internet of Everything


Be very careful and consider beforehand the risks and privacy impacts you expose yourself and others in your premises to with connecting all of your devices (fridges, TVs, lights, electricity meters, door locks, security cameras, etc etc) to the internet.

For example, many modern TVs can listen to and see their customers in their homes, without giving customers the ability to switch these things off instead feeding the data they gather back to their manufacturers (and third parties) while connected over the internet. As another example, Google's business model has focussed, amongst other things, on gathering and understanding data from customers. Simply connecting to Google hardware without considering what it's gathering about you, your activities and your own customers and without understanding whether and how to control these settings is potentially a risk.

The SANS organisation published a great short article overnight on this subject. Quoted from their article (my emphasis added) "The more devices that are connected to your home’s network, the more can go wrong. Hackers can program your devices to attack others, vendors can collect extensive information on your activities, or your devices could become infected and lock you out. Many of the companies making these devices have no experience with cyber security and see security as a cost. As a result, many of the devices you purchase have little or no security built into them. For example, some devices have default passwords that are well known or you cannot update or configure them." Taking this further, many companies selling devices and systems have no experience with cyber security and see security as a cost too.

Many technology businesses in the market place do not lead with security first. For customers who have no concern for privacy and security, there's perhaps no problem as the responsibility for risk rests on the customers (whether the customers themselves know it, like it or not). For customers who do have concern about protection of privacy and security, the responsibility remains theirs but they need to consider and do something about it because people and businesses which don't lead their approach to market with security won't deliver it for their customers. Customers have to take extra steps to understand and manage these areas of concern for themselves.

There is absolutely a legitimate place for businesses in the market which don't lead with security first but which still deliver solutions to the market to solve other problems (like fast, practical and affordable connection to the internet where mainstream service providers can't, or a freely available and reliable mobile map service).

Some businesses like mine do both, that is, to bring to market problem-solving products and services but also lead with security and risk management so that the marketplace of people we serve may make informed choices about living and operating safer in public life, business life and at home.

For interest and enquiries with Aitchison Reid Consulting, feel free to send us an email to start a conversation:

[Updated 02/08/18 2354]

#SANS #IOT #InternetofEverything

Featured Posts
Recent Posts
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square