Ensuring cybersecurity and privacy in IoT Adoption

The Internet of Things is still in its beginnings, but as devices become increasingly networked, the security implications are starting to cause headaches for businesses. For companies, unlike for consumers, “getting hacked” translates much more immediately into reputational damage, lost revenue, or even compensation claims.

The biggest risk to a company’s online security comes from the employees, says Jack Warner, cybersecurity expert at TechWarn. Poorly trained staff or a lack of clear IT policies encourages reckless behaviour and careless handling of sensitive data. Employees might not be aware of a device’s features and risks, or might lack the security-conscious mindset needed to notice potentially damaging leaks.

More than ever before, it is important for corporations to have all office equipment reviewed by a security-conscious team of engineers. There must be clear policies in place for what data devices are allowed to collect, and rules to which that data must adhere. This policy must apply equally to data collected by devices owned and deployed by the company and to data collected by devices owned by employees.

Case study: Fitness app data

In November 2017, the fitness app Strava released data collected by its users. Even though the data was already anonymised, it still attracted a great deal of attention when analysts discovered that it revealed the location of secret military bases, because soldiers wore their fitness IoT devices while jogging around the base, going on patrol, or working out.

The workout routes outlined the size and location of bases, gave an estimate of how many soldiers were stationed there, and even suggested what the rough patrol frequency could be. The Strava data leak represents a massive security risk for the operation of U.S. forces and is entirely self-inflicted.

Information like this can easily harm a commercial organisation as well. Testing locations, scouting locations, or delivery routines may well be the well-guarded intellectual property of an organisation.

There are plenty of other IoT devices that employees might casually use that reveal sensitive data. Staff phones might record their location as well as be used to take pictures. Employees might inadvertently share their location through social media, or use a smart scanner app on their phone to convert sensitive data to PDF. Passwords might be pasted into the draft folder of personal email accounts, or customer information might land in an employee’s personal contact list, from where it gets uploaded to various apps.

Networked devices in offices

When information security is not taken into consideration from the very start, the typical office might already be full of devices that do not respect privacy and create security leaks. For example, a printer may retain printed documents for a long time (or even upload them online) and air purifiers may make collected data available to a central server.

Even systems like thermostats, lamps, or door locks often come with network capabilities and might share their data with advertisers or at least a central cloud service. At a minimum, this opens up opportunities for intruders or competitors to get access to company secrets.

Company networks and intranets

While we have become more sensitive to publicly facing information, internal databases and networks of organisations are still too often seen as “safe.” It is often here that hackers have free rein and, once inside the network, can leverage their privileged position to connect to databases, infect computers with viruses or sabotage critical equipment.

Routers are among the most neglected equipment in office networks. While the devices of employees receive regular automatic updates, and servers are of high concern, routers are rarely inspected and don’t receive updates. Yet all company traffic will pass through them, and anybody in control of the router can intercept, malform, inject or alter any data sent to the internet and other internal devices.

A good VPN router is not hard to come by, but price differences between models can be immense and their benefits are not obvious to the buyer and operator.

Reliance on third-party hosting providers

The biggest threat to an organisation’s privacy needs has become the widespread use of hosted services including email, chat, and file management.

While a few years ago it would have still been relatively common for at least large organisations to manage their own email servers and store documents on internal servers, today it’s almost exclusively third-party cloud providers. Emails, chats, documents, software code—there is almost nothing left inside of the offices of many companies.

An everlasting struggle

The way internet services and Internet of Things devices are developing is very much contrary to the privacy and security needs of corporations. So far there is little pushback or demand for more security-conscious services.

The most sustainable strategy for corporations may be to limit the amount of information they collect from their customers, and to host this information, along with their intellectual property, on self-maintained physical infrastructure in-house.

The author of this blog is Jack Warner, cybersecurity expert at TechWarn

About the author

Jack is an accomplished cybersecurity expert with years of experience under his belt at TechWarn, a trusted digital agency to world-class cybersecurity companies. A passionate digital safety advocate himself, Jack frequently contributes to tech blogs and digital media sharing expert insights on topics such as whistleblowing and cybersecurity tools.
