Connected devices, smart phones or tablets, are no longer the only things with an internet connection. There’s now a vast number of other consumer products, including cars, heart monitors, and clothing, also linked to the internet – all creating and contributing to the Internet of Things (IoT).
But many of these products have weak security and controls, creating potentially vulnerable points of weakness in their users’ private networks, systems and data.
All these connected products collect a lot of personal data about people. The data is shared with other devices and held in databases by companies. As the internet of things continues to grow – and it’s doing so rapidly – the volume and importance of the data will also grow. It will start to attract more attention from cyber-criminals.
The more products and services there are with a connection to the internet, the more routes through which fraud can be committed are opened up. If there are areas of weakness, then cyber-criminals will find and exploit them. There are some key things that people can do to help protect themselves without losing the opportunities that IoT can bring.
Tips for individuals
• Ensure that the products and services you are buying and connecting to are from reputable companies.
• Ensure that the providers of those products and services have clear privacy and data usage policies.
• When setting up the products, ensure that passwords and keys are changed from the factory settings.
• Before connecting to any wireless network, make sure it is secure.
• Be aware of how providers use data from your smart device and check their policies to see if it could end up in the hands of third-parties.
• Any access to systems connected to your smart device should always be closely guarded.
• When downloading apps for your device make sure it is only from reputable platforms, such as Google Play or the iTunes Appstore. Apps that are downloaded should also be only created by trusted entities, check customer reviews as a way of making sure.
In addition to individuals enjoying the benefits of online access to multiple devices, businesses also need to be wary. We always encourage businesses to work with the mindset that any product poses a significant potential for threat. The below tips were created for businesses to use as a guideline.
Tips for business
• Understand who has access to systems and clarify why they need it. It is also important to understand the normal access behaviour of those logging into these systems, so that when anomalies occur, immediate preventative action can be taken.
• Clearly outline roles and responsibilities in terms of access monitoring. This can be segmented by factors such as channel or line of business.
• Share intelligence across the consumer and enterprise side of your business. Many businesses have strong authentication requirements for their customers, but most data breach activity happens as the result of employee credentials being compromised and used to gain access.
• Businesses should also apply robust privacy policies and practices. Doing so will ensure that the data they are collecting is actually required for the services they offer, and that the data collection practices are easily understood by their customers.
• Any data collected must be treated as highly sensitive information. It’s important to note that even seemingly uninteresting data can be used by fraudsters to build robust and accurate stolen identities, which can be used for online impersonation, social engineering, phishing attacks and more.