Tomorrow’s internet…that’s a big thing to try and predict, but that’s what week 3 of NCSAM is all about: “Today’s Predictions for Tomorrow’s Internet”. It’s no secret that the internet, how we use it, and the devices that connect to it change almost constantly. We see this change with smart offices and smart cities, like those Austin hosted this summer for the Smart Cities Connect Conference and Expo. We see new devices for the home and an abundance of new technologies in the healthcare sphere.
All of these devices no doubt make life easier, but it’s important to be cyber-aware when it comes to these new Internet of Things (IoT) devices when bringing them into your home for two really big reasons: security and data collection.
The first thing to be aware of security-wise when it comes to IoT devices is that many of these IoT devices really aren’t designed with security first and foremost. While your computer gets regular security updates and patches, your IoT devices may not get those as regularly if at all depending on the manufacturer and the design of the product. This goes hand-in-hand with how fast new IoT devices are being put on the market. Many developers and product marketers are unfortunately more worried about getting new products out to the consumer and aren’t always taking the time to design with security in mind.
While this might not seem like a big deal to some, the number of IoT devices being hacked and used in malicious ways is a growing problem. Make sure you’re doing your research when it comes to buying a new IoT device: buy from products from reputable vendors, check the manufacturer’s policy on providing ongoing software security updates, and always change the device’s default password to something unique and secure. Check out our post on IoT Attacks and Botnets to find out just what a hacker can do if they find a way into these devices.
Personal Data Collection
This one is pretty simple: many of the devices we use every day are steadily capturing information about who we are and what we do on a day-to-day basis. You always want to be aware of what information is being captured and what the company capturing it is doing with it.
The data collected often paints a detailed picture of the user’s life. Take these examples for instance:
- During the holidays many of us are searching for gifts online, but even after we’re done searching, ads for what we’ve looked at will show up on other sites we frequently visit.
- Smart thermostats can learn when you come home and when you leave in the morning, allowing them to adjust the temperature to your preferences around those times.
- Digital assistant devices like Amazon Alexa, Google Home, and Apple’s HomePod listen for your verbal commands in your home and learn about your preferences from previous commands. They also integrate and share data with many other services (like the aforementioned shopping sites and smart thermostats) to provide as useful an experience as possible.
These things are all great conveniences. And some of these services really do need access to your data to do what they do. But as these devices appear more and more in our everyday life, we need to be aware of what information is being collected and how it’s being used. Many of us are on high alert recently after the Equifax breach that leaked the personally identifiable information of thousands of US citizens, but after a while the news moves on and we inevitably spend less time thinking about our data security and privacy. But in our “always-on” world, we can’t risk being unaware of the cyber-landscape around us.
Quick tips for being cyber-aware when it comes to IoT
- Change default passwords
- Many devices, like your home router, come with a default password. Hackers can easily obtain this information online or from product documentation. As a baseline for your home network security make sure you aren’t still using the default password!
- Install security updates when released
- We know the “updates are available” popup doesn’t ever show up at a convenient time, but there are a multitude of reasons why you need to stop ignoring those update notifications. Check out our post on the importance of updates.
- Use two-factor authentication (2FA) when possible
- 2FA can stop attackers who have compromised your password dead in their tracks—we consider it mandatory for critical accounts like email and online financial accounts! If you’re unsure of exactly what two-factor authentication is, check out our post that goes more in-depth on the topic.
- Do your research!
- Before buying a new device, read the reviews and products specs to make sure you know what you’re getting. Pay special attention to the security measures installed and experiences that others have had with the product.
- Read the terms and conditions
- This is definitely part of doing your research, but if you really want to know what information the developers/companies are collecting and how they plan to use it, this is a very important step in the buying process. This is really important for devices with a “cloud-based” component, which is most of them these days, that inherently take some of your data back to the vendor. You should inform yourself on what they can and can’t do with that data.
We won’t ever be able to fully predict what “tomorrow’s internet” looks like, but a big part of being safe in the always-on digital world is to be an informed consumer and to take reasonable measures to protect your network and your data. If you’re a business looking for advice on how to do that, please reach out to us!