Is your refrigerator spying on you? (It might be!)
Many people have had the experience of ads coinciding with a recent conversation, and it turns out that’s because your cell phone may be passively listening to you, all the time.
The rise of smart speakers and voice assistants like Google Home and Amazon Echo leave people vulnerable not only to hacking, but also to weird technical glitches. Earlier this year, for example, an Echo speaker recorded a private conversation and sent it to a random contact.
These risks extend to businesses. Threats continue to evolve as hacking software becomes more powerful, increasing the impact that hackers can have on a business. Data security breaches are incredibly serious for small and medium-sized businesses, many of which cease to exist within a year of experiencing such an event. As the number of connected devices grows and expands into the Internet of Things, our exposure to such surveillance and breaches of data security continue to rise.
Today we are more connected to the internet than ever before. As a result, massive amounts of personal information are stored online. This data is extremely valuable, and there have been many notable data breaches in recent months:
· Ticketfly: A hacker stole 26 million email addresses, along with other personal data. Some of the stolen data was posted online.
· MyFitnessPal: Personal details including usernames, emails, and encrypted passwords were potentially exposed in a breach. It was nearly a month before the breach was discovered.
· Air Canada: The airline announced that personal information for 20,000 customers “may potentially have been improperly accessed” through a breach in its mobile app. As a precaution, all 1.7 million user accounts were locked down until users changed their passwords.
In addition to breaches of online storage, IoT devices are also vulnerable to hacking, especially since cybersecurity has rarely been a design consideration in building ‘smart’ devices that aren’t traditionally thought of as having computing capabilities. It is estimated that there were 8.4 billion devices worldwide in 2017; that number is forecast to reach 30 billion by 2020. Our exposure to risk will grow as well.
· Fitness trackers: There have been many reports that these wearable devices have been hacked. Most notably, in 2017, details about secure U.S. military installations were published online when user GPS data was accessed via the Strava app. In addition to theft of personal data, security breaches may have long-term financial implications for users such as rising health insurance premiums or even policy cancellations.
· Security systems: IoT-connected security systems are particularly risky, as they communicate with other smart devices that may secure a building, such as cameras or locks. If hackers gain control of a security system remotely — possible in many cases by using default factory login credentials — they could easily facilitate a physical break-in.
· Climate control: IoT thermostats might sound innocuous. But what happens if hackers force the temperature to rise in a sensitive area such as a server room? An organization could face substantial physical and financial losses as a result.
Until now, cybersecurity has largely been something added on after the fact. This is especially true for IoT devices. But there is a growing awareness that new devices must be designed from the ground up with cybersecurity in mind. The wireless industry recently announced a new Cybersecurity Certification Program for cellular-connected IoT devices: this represents a significant step towards the point when every connected device will be robustly protected.
There are some cybersecurity best practices that everyone should follow, both personally and professionally.
· Passwords: Always use strong passwords, don’t recycle passwords, and use two-factor authentication whenever it is available.
· Social Media: Curate your connections, as the more connections you have, the more potential ways there are for you to receive malicious links. Organizations should also consider educating employees about social media cyberattacks.
· Locking Devices: Every device (phone, tablet, laptop) should be locked with a code or password to protect against physical loss.
· Stay Current: Make sure the most recent updates to operating systems and security are downloaded and installed on every device.
Technology is already a part of nearly everything we do, and our lives will only become more integrated and connected as the IoT grows. It’s critical to remember that if a device connects to the internet, it is vulnerable to attack. Your least secure system is your weakest link. How secure is your business? How secure are you?
Learn more about cybersecurity and download the CLX Forum book, Canadian Cybersecurity 2018: An Anthology of CIO/CISO Enterprise-Level Perspectives: http://www.clxforum.org/
