IoT Security Issues Grow as
Not too long ago, most people were asking what exactly is the Internet of Things (IoT)? Today, we’ve moved past the defining stage as we see the ongoing proliferation of the IoT in our personal and business lives. In home automation in particular, the IoT is especially prevalent. So many aspects of our home environment are now smart and internet-connected. Our home security system, door locks, HVAC controls, light switches, ceiling fans, refrigerators, entertainment systems...the list keeps growing.
In healthcare, the IoT is also influencing how we take some responsibility for our health. People now use internet-enabled devices such as Fitbits or Apple Watch to track our daily steps and monitor our health. Connected telehealth applications for remote health monitoring have improved access and convenience of healthcare services for consumers — while helping to drive down healthcare costs.
In turn, healthcare providers use the IoT for patient care. Think of your last doctor’s office or hospital visit. Your healthcare providers walk around with smart tablets and routinely key in your medical data. From a business standpoint, using devices that have instant access to health records makes solid sense — but how is your personally identifiable information (PII) being protected?
IoT Security Issues Largely Unaddressed
Think your risk of IoT security issues is low? Think again. In late 2017, a U.S. Army soldier serving in a secret Army base in Afghanistan was out for a run and using a common fitness tracking app to log his running patterns. Unbeknownst to the soldier, this information was automatically uploaded to the app’s GPS mapping data points, revealing the location of these secret army bases — leaving the door open for a potential enemy attack.
Not all risks of your personal data being accessed are a catastrophic, of course. But they can still be an invasion of privacy. The smart refrigerator door panel that you use to build a shopping list and transmit it to your phone could be accessed by your neighbors on a common wireless network. Do you want others to know what you buy and eat in the privacy of your own home? Or, if you instruct a digital assistant like Alexa or Siri to make a purchase for you with stored credit card information, that information is potentially vulnerable to compromise or theft — which then requires you to cancel your credit card and endure the hassle of working with your credit card company to identify and remove unauthorized charges.
Two-Factor Authentication & Data Encryption
Whether the IoT is being leveraged for home automation, infotainment in your car or your healthcare provider’s medical technology, greater efforts need to be taken to enforce strong authentication of the devices and the people using them and secure the communication between the devices. And that focus needs to be embraced by the companies that develop connected devices. Strong, two-factor authentication should be built into all products that connect to the internet and the information in transit between devices needs to be secured through data encryption.
Today, this focus isn’t likely business-as-usual for product developers that envision the latest smart innovation they can bring to market. But as the IoT continues to make inroads into our daily lives, the thinking needs to now pivot to how product developers will secure consumers’ data as more and more devices become smart and connected.
Implementing IoT Security Solutions
Undoubtedly, companies that develop IoT products will need to find outside resources to help them navigate our increasingly connected world. At Cygnacom, we’ve been helping the U.S. Federal Government and businesses strengthen the security of their devices through professional information security services and cryptographic solutions for more than two decades. Our consultation services run the gamut — from public key infrastructure (PKI) and authentication to mobile and derived credentials and cloud-based services.
If you’re ready to take the next step in developing IoT products that your consumers can count on to secure their devices, contact me at Cygnacom to learn how we can help.