Darryl d’Aquin (COMMTECH) -- The Internet of Things represents a collection of electronic devices that help us with our everyday lives as well as collect and exchange data. So, things like the new web controlled lighting systems for homes, controllable camera systems, home sprinkler systems, air conditioner controls, health monitors (like fitbit), digital assistants (like Alexa, Siri and Google Home).
All of these devices make our lives simpler and more convenient. However, should there be a concern? It is very easy for consumers to buy and implement these products today. They are more cost effective than ever. However, once you put these devices on your home or business network, you need to understand that you are depending on the manufacturer for their security. A flaw in the product or a hacker could potentially gain access to these devices which could give them access to other things on your network.
So, if a consumer puts 5-10 different IoT devices in their home, they are now dependent on these 5-10 for potential security issues.
This is a very new market that has plenty of growth ahead of it. So, there will be lots of manufacturers. It is important for consumers to use solutions from vendors that have a known track record for dependability and consumer support. This can help them feel more confident that they will implement reasonable security measures.
So... what can the consumer do to protect themselves? This is a good question and there are some good solutions.
1) Many of the home routers/firewalls that consumers can get today offer a protected network and wireless segment that can separate IoT devices from the rest of their home computers. These are common in the business world; but, are now needed for the home consumer. This is typically known as a DMZ (Demilitarized Zone). It is a perimeter network that can allow the IoT devices to communicate with the Internet; but, not allow these devices to communicate with the computers on the home network.
2) As mentioned, consumers should buy products from companies that are familiar, established and have a good track record.
3) Try to limit the number of different manufacturers you use in your home or business for the various IoT. This way you can be more familiar with each and their policies.
4) Understand the security policies, personal data storage policy, and notification of breach for each device manufacturer.
5) For a business, your IT department or company should have routine audits and scans of your network to look for rogue devices added by users.