One of the things I often post about is the security around IoT devices. Let’s start with the two easy statements and dive a little further into the concept of what and how security is applied (or not applied) to various devices in your home. The first is the reality of the sheer number and placement of IoT devices. The second is the actual connection of that device. Security is the protection of data, but we have to be careful with that. Data is information, and there are bits of information you can let others know about. There are bits of information that cannot be known. Separating information into those two buckets is both the role of security and the application of Information Assurance (IA) and Information Governance.
Let’s push the first issue, the sheer number, and placement of the IoT devices.Number is pretty straightforward, Gartner and other experts say between 12-15 billion devices deployed right now. Or more than one device per person in the world. Placement is the interesting security issue. Let’s think about these devices and what they do. We are talking toothbrushes, refrigerators and smart speakers. We are talking about devices that provide value for you, as long as they know about you. Now, nobody is going to hack your connected toothbrush to see if press too hard while brushing. But they may hack the camera in your refrigerator or television.
The reason for this reality is the lack of security at some points in your home. Most people get a router from their internet service provider. They deploy that router in their home, and that is it. That should be ok, as long as the network is secured. Risk number one for most home users is the reality of unlocked or open networks. I have an unsecured network in my home. It is used by IoT devices and connects directly to my router. You won’t and don’t get to see the other devices on my network because I have another device blocking that connection. I grab the data from the IoT devices directly from the cloud. That reduces the risk while adding a little more complexity.
Complexity is the enemy of security. The more complex something is, the more likely people are to figure out a way around it. Or worse, write down the password or steps and carry it with them or leave them in their cube! The quick answer here is to create two networks in your house. One that is open so you can quickly connect IoT devices. The other should be locked into your home computers and things you don’t want easily hacked. It is the first step to securing your IoT devices.