The Internet of Things invites a world of new possibilities as tech and the analog world collide. The convenience and power of this union is undeniable, but it raises a number of new risk factors as well. Because technology is becoming increasingly prevalent and essential to every aspect of our lives, greater tech security is more important than ever.
Arizona-based entrepreneur and tech enthusiast, Jason Hope, has some ideas about how the Internet of Things could be made more secure without sacrificing its convenience. Through a combination of tech improvements and cultural shifts in the way we think about internet security, the IoT can be safely incorporated into all aspects of our lives.
The Increased Importance of Security
The Internet of Things connects household items to the internet, allowing for remote access and convenience. It also incorporates sensors, artificial intelligence other “smart” technologies to enable two-way communication between devices and their users. Smart thermostats can be set and changed at a distance with a phone app; smart baby monitors keep track of a baby’s sleep habits and provide algorithmic data about them while granting parents a chance to tune in to video and audio feeds.
Right now, smart technology is still largely experimental and limited in scope; however, greater potential is on the horizon for individuals, businesses and even municipalities.
There are, however, real dangers associated with the IoT. Remote access for the approved user is convenient, but it makes devices more easily hacked. There are risks as well to automation and the quantity of data acquired and shared by devices.
One study, published from the combined findings of several European universities, lays out the risk factors clearly:
– 90 percent of devices collect and store personal information
– 70 percent of devices utilize unencrypted network services
– 80 percent of devices did not require strong enough passwords to protect against hacking
These risks were evident in both household devices and, perhaps more alarmingly, smart medical devices such as CT scanners and X-ray machines.
Hacking traditionally has put individuals at risk of identity theft or compromised sensitive information. Hacking in the era of the IoT raises the stakes: If outsiders can access your smart devices, they might be able to control them in malicious ways.
Users, unaccustomed to living in a world where these risks are real and ever-present, may need to change some of their habits as well in order to adapt to this new tech-filled lifestyle.
How Developers Can Improve Security
The rapid growth and competition in the IoT field means that many developers are rushing their products to market, skipping important security measures. This mirrors, in some ways, the early days of Windows and Android products being released at a rushed pace, with key features added later. However, the IoT is far more complex, with many more moving parts; back-filling security measures will be infinitely more difficult.
For this reason, developers should plan ahead to avoid problems. Some proactive steps developers can make to improve IoT-connected devices include:
– Minimize data acquisition and data sources. Only the information that is strictly necessary should be collected, and that information should be collected from a single secure source whenever possible. For example, a user may create his or her account on the computer through a secure network and activate a smart device that way instead of inputting information into the device itself.
– Minimize data storage and raw data intake. Wherever possible, raw data should be converted into secondary context data, and the raw data itself should be immediately deleted. Information stored in a device should be encrypted and anonymized in such a way that it would be useless to hackers.
– Decentralize data processing. A wider distribution helps to avoid the risks involved in large-scale centralized gathering, processing, storing and exfiltration.
– Enforce password requirements. The developer or webmaster should set the tone for security culture, and this starts with password creation. Users should be required to provide high-quality, secure passwords. Additionally, password submission limitations should be enforced, preventing a hacker from using algorithms to repeatedly guess passwords.
App developers should also keep up with industry standards and best practices in addition to complying with the required policies and regulations. A number of certifications, available through neutral authorities and bureaus, can be obtained. These lend an air of trustworthiness to a program and help provide benchmarks for developers to strive toward.
A Change of Culture
As the Internet of Things expands, the best apps will undoubtedly rise to the top, allowing security to improve through competition. However, the fundamental issue with IoT security rests in the hands of users, not developers. A stronger security culture, in which tech users are more aware of security risks and protocols and proceed accordingly, is crucial.
Many people are still unaware of the importance of security or discount it, perhaps believing erroneously that a security breach could never affect them. They may also fail to think through the security needs of multiple devices.
For example: A user may understand the need to protect banking account information and passwords, but he may not exercise the same care on every device he might access his bank account from. He may have his passwords saved to his phone, which he has secured with a simple and easy-to-guess passcode. This would make him just one lost or stolen phone away from giving up crucial information.
As devices become more complex and interconnected, people who may have never needed to care about internet security may face greater risks. A smart thermostat, baby monitor and television would all have their own security risks and needs; keeping track of this information and being careful with it is not intuitive for most users.
Fortunately, this can change. Our culture has already adapted swiftly to technological advancements; adapting to a greater awareness of safety and security precautions is the logical next step.
Steps to Improving Security Culture
Security culture can be improved at home and in the workplace through a few simple steps. There is always room for improvement, but even a mastery of the basics will go a long way toward eliminating vulnerabilities. Some common-sense principles that are frequently neglected or ignored include:
Setting Unique Passwords
People leave default factory passwords more often than you might expect, and hackers will try these first. Similarly, many users choose simple English words or common phrases as passwords. They may use easy-to-guess PIN numbers, such as birthdates or other significant dates that would be easy to track down.
A list of the most commonly used passwords reveals that many people are not taking password creation seriously. The list was culled from data breaches, showing what types of common passwords were frequently guessed by hackers, so it should be no surprise that obvious sequences like “123456” and “qwerty” were atop the list. “Password” remains a common and painfully easy to guess password as well.
Many hacking attempts are successful based entirely on guesswork. Making passwords difficult to guess is the first, and most important, foundation of internet security. Other techniques, such as using separate passwords for different applications, can also slow a hacker down and prevent a major security breach.
Recognizing Attempts to Steal Information
Many security breaches occur as a result of phishing scams and similar attempts. These are becoming increasingly complex, often coming from unexpected sources, but it always pays to be vigilant about sharing your information online. Many social media “quizzes” are actually veiled attempts at capturing user data; fake login pages and redirected URLs are also a problem.
To protect yourself against these scams, it’s important to understand how they operate so that you can spot shady tactics as they arise. It’s also a good idea to instill the habit of only supplying information to sites you’ve typed the addresses of rather than those you arrived at through clicking a link.
Keeping Security Software Up-to-Date
Viruses, trojans and other malware largely exist to steal your information. Although there are some ways to avoid these programs, such as staying away from certain shady websites and avoiding attachments from unknown sources, some will inevitably slip through the cracks. This is where antivirus software becomes important.
Although not every smart device has antivirus capabilities, all of them will communicate back with a device that does. Your personal computer should have up-to-date antivirus software running at all times. Your smart phones and tablets should also have antivirus protection, whether you rely on the factory-installed standard features or download additional apps for that process. Either way, taking proactive steps to preventing and removing malware can keep data from being mined from the affected device and everything attached to it.
Jason Hope and the Future of the Internet of Things
Jason Hope is a self-described futurist and expert on the Internet of Things. A philanthropist, entrepreneur, investor and tech blogger, he has a passion for seeing the IoT reach its full potential. He lives in Arizona, where he spends some of his time researching and writing about the Internet of Things and the way it can affect business and society.