Do your cyber security measures address the possibility of a data breach occurring through the wireless-enabled refrigerator in the break room of your corporate headquarters? Have you made provisions if a hacker accesses sensitive data through wearable technology? Will your data breach response plan provide adequate guidance if a breach occurs through the Internet of Things?
Connectivity – and risk – is no longer limited to desktop PCs, laptops or smartphones. More devices than ever are now interconnected, from smart electric meters that communicate a home’s energy consumption directly back to the electricity provider, to wearable health monitors that let your friends know where you are and how far you jogged to get there. Every device that’s connected to the Internet exposes a potential vulnerability that enterprising cyber criminals can exploit.
In our 2015 Data Breach Industry Forecast, Experian Data Breach Resolution identified the Internet of Things as a significant point of concern for companies in 2015. In January, the Federal Trade Commission released a report that underscored the importance of addressing this still-emerging risk. The FTC reported that by 2020, an estimated 50 billion devices will be interconnected through the Internet of Things.
As more devices with Wi-Fi capability enter the marketplace, the points of entry for cyber criminals expand apace. While there are many benefits for companies and individuals to adopt more interconnected products, this increased connectivity will also lead to escalated risk of outside parties being able to access confidential data. It’s vital that companies take steps to manage these risks.
The FTC’s report outlined several points well worth keeping in mind as you update your data breach response plan to address the risks associated with the Internet of Things.
- Just as different connected devices have different functions – cameras that take a picture, then upload it at the click of a button versus a home security system that communicates directly with the security monitoring vendor – they’ll have different security vulnerabilities. Security measures will need to address the type of device, the type of data it has access to, and the value of that data.
- Employees should be trained in IoT risks and security measures.
- Manufacturers of connected products should practice data minimization, and collect and use the bare minimum needed to make the product function as intended.
- Companies should inform consumers of possible risks associated with connected devices, and provide them with guidance in using products in a secure manner.
- IoT risks potentially threaten not only a company’s networks and systems, but consumer privacy as well. IoT threats could increase a company’s risk of running afoul of privacy and data breach laws.
The Internet of Things offers vast potential benefits for consumers and companies alike. Just as you update your cyber security policies and data breach response to address other emerging threats, it’s important to consider potential IoT risks and make provisions to minimize the threats.