December 2019: Get Smart! Mitigating Risks in Connected Devices

min read

Get smart about managing IoT devices and reap the rewards of their convenience. The twelve Security Awareness blogs feature ready-made content designed to enhance security awareness.

photo of woman sliding a room divider panel
Credit: metamorworks / Shutterstock © 2018

Campus Security Awareness Campaign 2019

This post is part of a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. The campaign is brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC). View the other monthly blog posts with ready-made content at the security awareness resource page.

Smart/Internet of Things (IoT) devices are tremendously convenient. They also collect hefty amounts of personal data, which could potentially be aggregated with data coming from other smart devices, painting a fairly robust and accurate profile of an individual. Using Smart/IoT devices smartly and safely is key.

Get the Word Out

Smart/IoT devices may be the panacea for consumer convenience. Do you want to know and change the temperature of your house or even your fridge remotely? There's an app for that. Such devices also raise extreme privacy concerns about the data collected about you. Devices can track or discern details about your life based on usage and interaction. And that data could potentially be aggregated with data coming from other smart devices, painting a fairly robust and accurate profile of you and your life. My fitness-tracking device serves as my wake-up alarm. Not only does it track the time that I set for the alarm, it also tracks my interaction when I shut it off. Maybe your coffee maker tracks when you start the brew (mine doesn't because I'm Coffee Old School). My car tracks what time I start it, how far I drive it, and the GPS location where I park it. These data points are provided to me as the consumer but are also presumably stored by the device provider. It's only 9:00 a.m. and my smart world already has collected or observed several key privacy factoids about me. And where data exist, risk to data exposure also exists.

Devices geared toward consumers will continue to push convenience over privacy, and consumers will continue to call for greater connectivity and convenience. That means more connected devices and ongoing evolution for more information, interaction, integration, and automation. It's no longer a question of whether your home devices should be connected. Instead, we need to proactively assess the risks of such connectivity. When those risks are greater than our threshold risk tolerance, we need to take steps to minimize those risks.

Take the following steps to protect yourself when you start using a new device:

  • When you bring home a new consumer device, check to see if it's transmitting. Ask whether you need that device to be connected. What are the advantages of having your fridge broadcast the whereabouts of your cheese? Is the potential to activate remote maintenance with the device provider important to you? Do you want to interact with that device remotely? Then by all means, keep that connection. If you don't need the maintenance options or to monitor or interact with the device remotely, turn off the device's connectivity.
  • Periodically scan your networks to make sure you know and manage what's online. If you want devices to be connected, be proactive. Find out how they connect; how devices are patched; what the default security settings are; and what data are collected and how/when/where the data are transmitted. Protect your home wireless network(s) with strong password management, active maintenance practices, and vigilance.
  • Use the same cybersecurity hygiene on your smart devices that you use on your computer. While it may be revolutionary that your car is now essentially a computer on wheels, it's still just a computer. You don't have to become a cybersecurity expert, but you may want to find a few trusted sources of security advice for consumers.

It's time to get smart about your devices, manage them appropriately, and reap the rewards of their convenience.

Email Signature

Ask staff to add a tip to their email signature block and link to your institution's information security page.

Example:

Jane or John Doe
Chief Information Security Officer
XYZ College or University

Get Smart about IoT Devices! Learn more. [Link "Learn more" to this blog post.]

Social Posts

  • Do you understand how that new #IoT device works, how it connects to the internet, and the info it stores/transmits? #CyberAware
  • Know how to keep #IoT devices up to date and learn how to change/update passwords. #CyberAware
  • Understand what's being collected! Most #IoT devices will collect your info. Do you know how that info is managed/used? #CyberAware
  • Where do your #IoT data go? Find out if your personal info is stored in the cloud and how it's being protected. #CyberAware
  • Do your research before you adopt a new #IoT device. #CyberAware #PrivacyAware

Embed or Share Videos

The Internet of Me and Privacy

Resources

Share these resources with end users or use them to protect their smart devices:

Use This Image to Support Your Message

Internet of Things 101 infographic
From STOP. THINK. CONNECT. Internet of Things 101 infographic

Kim Milford is the Executive Director at the REN-ISAC.

© 2018 Kim Milford.