You’ve probably heard the buzz about the Internet of Things (IoT) - a suite of emerging technologies that promise great value to businesses, individuals, and society. As broadband internet and Wi-Fi capable devices become more readily available, and reduced costs in technology supply chain fuel innovation, the number of IoT devices and applications is estimated to grow into the billions. What’s more, the nature and applicability of IoT is constantly evolving. According to the Government Accountability Office, IoT “can be used in almost any circumstance in which human activity or machine learning can be enhanced by data collection or automation.” IoT is clearly the future, enabling new efficiencies and technological capabilities for businesses looking to grow and compete in a competitive marketplace. But before businesses jump into this next big thing, it’s critical to understand exactly what IoT is and how it will impact data security and privacy issues.
What Are IoT Devices?
Internet of Things devices sense and communicate with other devices, objects and people to capture, aggregate and analyze information. IoT is generally defined as the concept of connecting “smart” devices through a network. Cell phones, smartwatches, pacemakers, traffic lights – even your Peloton bike – are all devices that track data and can be connected to a network to “talk” to each other and/or collect information. IoT devices use Wi-Fi, Bluetooth, and cellular to send collected data to the cloud, while software is used to process and analyze it.
How Can IoT Devices Help Businesses?
Businesses can use IoT devices to improve the quality of data through real-time data collection. Better data can lead to improved services and products for customers. And because IoT processes can be automated, businesses can use IoT devices to optimize and reduce operational costs. IoT can be leveraged across multiple sectors, from healthcare institutions collecting real-time data on patients to the manufacturing and education sector using real-time data to improve processes and communicate with students.
What Are The Potential Risks Of Using IoT?
As with any digitally powered technology, IoT security and privacy face cyber threats. Intruders may exploit security vulnerabilities in the IoT ecosystem that could compromise the integrity of sensitive data, interrupt computer systems, and disrupt business operations. Additionally, IoT may contain weaknesses that can be exploited from the “back doors” that enable remote access. Although both national and international lawmakers understand the importance of security features for these types of devices, there is no clarity on what specific security features should be required.
California is paving the way here as it traditionally does. In fact, the countdown is on for businesses to comply with California’s new IoT law which takes effect on January 1, 2020. The new law will regulate manufacturers of connected devices that are sold or offered for sale in California. In a nutshell, the law requests manufacturers of IoT devices to equip connected devices “with a reasonable security feature or features.” More will certainly come as others pass laws like California’s IoT law but as we have seen with the privacy framework, the inconsistencies create logistical challenges for businesses struggling to comply with a patchwork of laws and regulations.
How Can Businesses Protect Against Any Potential IoT Vulnerabilities?
New laws and guidelines are emerging at both the national and international levels, so what is the best way to protect your business now?
- Consider IoT devices in IT contract negotiations, audits of vendors, and insurance coverage matters.
- Assess what IoT technologies are being used, both in your organization and by your vendors. Ask if appropriate security controls are in place to prevent security vulnerabilities: Do the IoT devices sit behind firewalls? Are you using appropriate authentication settings and passwords?
- Test IoT systems and remove any outdated or potentially vulnerable devices that are not fully supported.
- Perform a risk assessment prior to implementing any new IoT technologies to be sure all regulatory and legal requirements are satisfied, and that the proper security features are incorporated.
It is important to leverage experienced legal counsel that understands not only the technology but the fast-changing legal landscape surrounding Internet of Things (IoT) laws. Our team of experienced cybersecurity and data privacy attorneys can help you navigate the complex IoT legal landscape each step of the way.
Attorney Advertising: Prior results do not guarantee a similar outcome.