I have a love/hate relationship with today’s Internet of Things (IoT) gadgets. I love the tech and what it can do, but I hate the fact I have to share private information to make them work. I grew up in a world without the Internet or cell phones. Privacy and security was simply a matter of drawing the curtains and locking the doors. Those were simpler times.
Sitting in on the Grappling With Privacy and Security in the IoT Age panel discussion at the BCTECH Summit in Vancouver this week validated some of my own cyber security concerns. Gary Perkins, Executive Director, Chief Information Security Officer, for the Province of BC, moderated a knowledgeable panel that discussed the inherent security risks, both real and perceived, with today’s IoT devices. For the Industrial Internet of Things (IIoT), the risks are even more complex because of the sheer scope of deploying connected devices across large manufacturing operations.
Lack of Regulation
Part of the problem is a lack of compliance standards in IoT manufacturing. Any company can make a connected device fast and cheap by removing user control features and interfaces. The less features, the less R&D is required, thus the cheaper product. Some IoT products have no control features at all, like smart light bulbs. And because most IoT devices require an operating system, they can be hacked. Last October’s DDoS attack and Yahoo’s email hack are sobering reminders that security breaches are a reality of the digital age and that no amount of added security measures can prevent a hack. Security breaches are like earthquakes. We know they happen, we just don’t know until they happen.
Is Big Brother Watching?
Young, price conscious consumers are most at risk because they are eager to adopt a digital lifestyle and are willing to give up private data to get the latest and coolest new toy. The younger the consumer, the less aware they are about the downstream consequences of buying an always-on connected device. And who has time to read every user licence agreement (ULA)?
Every IoT manufacturer requires acceptance of their ULA in order to use their product. You only have two choices: Either accept their ULA, and allow them to data harvest your behavior while you use their product; or decline their ULA and forego using their product. If you don’t accept Tesla’s ULA, for example, the car won’t start.
Being aware of the risks is half the battle. Education at home, at school, and at work is vitally important for protecting your privacy. We should always read and understand what we are agreeing to before purchasing and pressing SEND. Is your funky new wearable being hacked right now? Do the hackers know when you’re home and when you’re not? Or worse, could your smart home be spying on you? It sounds rather Orwellian.
We expose ourselves to new gadgets without really thinking about the security risks. – Jo-Ann Smith, Director, Technology Risk Management & Data Privacy, Absolute Software
Business Risks
Corporations are much more risk aware and risk averse. At the enterprise level, privacy and security policies and procedures are very entrenched and thus easier to help implement organizational change. For example, remote workers who take home company IoT devices, such as tablets and laptops, should ensure that their home networks meet company security protocol. Connecting enterprise devices to unsecured home networks can potentially expose employers to serious security breaches. Unfortunately, sometimes it takes a catastrophic event like what happened to Yahoo to enforce a change in thinking. Digital transformation requires digital maturity.
The Upsides
IoT is not all doom and gloom. There are many IoT upsides when it comes to digital transformation. In HealthCare, real-time IoT monitoring devices can save lives. Smarter homes and buildings can reduce the carbon footprint. Smarter factories can produce better and higher quality products. In the past year, IoT privacy and security standards have improved dramatically and will eventually become globally accepted and adopted, similar to ISO.
Understanding the issues around IoT privacy and security through education and open dialogue is an important step in the digital transformation process and towards creating a more secure digital world for generations to come. We must take responsibility for the choices we make when facilitating digital of this nature, and empower younger generations to do likewise.