We’ve written quite a lot about security in recent blogs, and that’s for a very important reason: As the web continues to evolve with greater complexity and connectivity, keeping websites and data secure will continue to be an ever-increasing challenge. With this in mind, we are ever-watchful for new technological developments that could make security more difficult in the future. And we have rarely encountered anything that gives us as much concern as the Internet of Things, or as it is more commonly called, “the IoT.”
In order to understand the security risks we all face with the Internet of Things, you must first know a little bit about the IoT and how it’s rapidly changing our lives.
To simplify things, let’s look at the IoT as just the next step in the evolution of the web: First there was the Internet, where computers all over the world had the ability to connect and share files. Next came social media, where users could easily create and share content. Next came the mobile web, where the Internet and social media were made easily accessible through cellular and Wi-Fi enabled devices. These steps have brought us to the IoT, where the devices themselves can create and share content, both publicly and privately.
What is so unsettling to anyone who works with Internet security is that the devices we refer to when talking about the IoT are not just limited to smartphones and tablets, but can include appliances, games, cameras, health and medical devices, automobiles, signage and advertising displays — even the packaging of the products we purchase.
The physical things that make up our day-to-day lives are rapidly becoming social things that have the ability to share data about us. While privacy may not be a huge concern to some when talking about a computer game score or the minute-to-minute location data of their smartphone, practically anyone would worry if their medical records, bank account access, or other deeply personal information was easily accessible. With the IoT, these are very real possibilities.
The major concern with the Internet of things is the current reality that the vast majority of these web-connected devices have little or no security infrastructure. This leads to four big areas of security concern:
- Sensitive personal data can be easily and directly accessed from the device.
- Easily-hacked devices may provide backdoor access to otherwise password-protected and secure accounts, websites, and data.
- Hackers can leverage IoT devices for bandwidth and computing power to launch distributed denial-of-service (DDoS) attacks on larger web targets such as online banking and government websites.
- Hackers could potentially manipulate the device itself — a very frightening possibility when you take into account web-connected medical devices, automobiles, and commercial aircraft.
The FBI has already issued a warning to healthcare providers over the lax security of web-enabled medical devices and potential risks for malfeasance, but as web-enabled devices proliferate through our daily lives, there is assuredly more warnings on the way for other industries.
So What Can You Do Now?
- If a WiFi-enabled device has a password, make sure you change the default password with one that is very difficult to crack. Learn more about creating a strong password with these tips.
- Check often for security patches or firmware updates for any of your devices that connect to the web. The majority of these updates are to fix security vulnerabilities that have been discovered, so not doing your upkeep can put you in great risk.
- Lastly, if you don’t see a need for a device to be connected to the Internet, disconnect it. For added protection, you may also isolate Wi-Fi enabled devices on separate, protected networks.
For more great tips on protecting yourself from web security breaches, we recommend you read our Guide to Website Security. Although the explosion of security vulnerabilities that will undoubtedly arise from the IoT seems mind-boggling, the very same basic precautions can go a long way toward keeping you, your devices, and your data safe.
Do you have questions or concerns about Internet security? Please don’t hesitate to contact us.