Here's how consumers, legislators and vendors can each do their part
By any measure, connected devices are going to play prominent roles in our future lives. They’ll be everywhere – connecting items in our homes, our workplaces, our cars and our public buildings to the web, tracking usage and offering instant access to information and services. Some estimates say IoT connections will triple in just six years, up to 75 billion by 2025.
But, for connected devices to reach their full potential, everyone with a stake in their success will have to ensure that these devices are secure. There’s already plenty of concern about information leaks and compromises to IoT-enabled systems. According to one report, a third of respondents (28%) who haven’t yet purchased a smart device said they wouldn’t buy one due to privacy and security misgivings. Consumers will grow more anxious in the future – if security concerns aren’t addressed.
Legislation will need to do its part. Some initiatives are already happening, spurred on by the EU’s GDPR’s worldwide blueprint for new privacy legislation. But other initiatives will have to fall in behind.
California’s cybersecurity bill, the Security of Connected Devices, became law in January 2020. While its requirement on passwords is praised, the rest of the law is considered weak. The law requires that each new device be made with a unique password, requiring a user to “generate a new means of authentication before access is granted to the device for the first time.” That’s a start. The further requirement that each device has “reasonable” and “appropriate” security features is open to interpretation.
A second law, being debated in the UK, requires that manufacturers do three things: institute unique passwords (not resettable to universal factory settings), provide a public point of contact so that anyone can report a flaw and expect timely response, and explicitly state the minimum length of time for which devices will receive security updates at the point of sale.
“Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety,” Matt Warman, U.K. Minister for Digital and Broadband, said in a statement. “It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”
Security safeguards from just a few key vendors could pave the way for a more secure future for connected devices. For example, Amazon and Google account for over 90% of voice assistant devices globally. Game consoles are dominated by three major players (Microsoft, Sony, Nintendo) in almost every region across the world.
Amazon, for one, is taking positive steps, requiring companies that integrate with the Alexa voice assistant to implement a range of security features. Others need to follow suit.
How to protect your connected devices
While manufacturers and governments have their mandates, consumers also need to take steps to protect their connected devices, now and in the future. Here are a few recommendations.
Pay attention to software updates: Connected devices are like any other piece of technology: They need to be updated regularly with all of the latest security features. Try to purchase home-related items – thermostats, cameras, refrigerators, voice assistants – from name brands that will be in business for a while and will regularly update software.
Use secure passwords: Again, this is just security 101. Just because you’re setting up a small item – like a plug or a speaker – you still need to equip the system with a strong password. Hackers breaching IoT systems can often gain access to other systems with more precious data. Don’t give them an opening.
Don’t connect your networks: If a hacker does slip inside a crack in your smart lighting system, don’t let him move laterally to access your bank files. Put IoT devices on different networks, separated from laptops and other data stores.
Connected devices are currently a big security issue, as National Cybersecurity Awareness Month comes to a close. However, you can expect continued coverage of this topic well into the future.