Personal data breaches are one of the fastest-growing cybercrimes in the US. As IoT devices become increasingly common at home and in the workplace, measures must be taken to secure them at every point.
By Damon Culbert, Content Writer, Cyber Security Professionals
Personal data breaches are one of the most common and fastest-growing cybercrimes in the US, increasing by more than 60% between 2017 and 2018. While the issue of sensitive data is becoming much more commonplace in the media, the full extent of the issue is far wider than most people perceive. As more and more devices connect to the internet and each other, holes in the defenses of both home and workplace security could be leaving thousands of personal data records exposed at all times.
The Internet of Things is a phenomenon which is reaching into offices and homes across the world as tech companies test consumer imagination about what devices can be connected to each other and for what purpose. Like smart thermostats, washing machines and light bulbs fill homes, integrated security systems, smart desks and intelligent A/C systems fill offices. But these devices have specific security concerns that are often forgotten about by consumers in the race to make their lives easier through integration.
In the workplace, one of the biggest challenges comes from Bring Your Own Device (BYOD) policies where staff use external devices like laptops and phones to support their work. Enabling staff to access their work wherever they are and have a high level of connectivity with their work even when on the go is great for productivity but without the right security measures, devices from home could cost more than their worth.
If a device is compromised outside of work and is allowed to connect to the office network, malicious software could break through the organizations’ defenses and cause problems from the inside. Additionally, if not all devices are operating at the same level of security, the weak links could be exploited by cybercriminals and result in personal data breaches of staff or client data.
The simplest way to avoid these kinds of issues is to ensure that all devices used by staff are approved by security experts and where issues are found the devices are properly secured or replaced. Having a consistent security policy which covers all devices that interact with the main organization network is vital to protecting any personal data the company holds in its employees and clients.
Integrated home devices
At home, the rise in products such as Amazon’s Alexa and the Google Home assistant have seen integrated devices springing up everywhere, creating fully interconnected homes where everything can be controlled with voice commands or centrally from a mobile phone. In the rush to create so many IoT-ready devices, many suppliers have neglected to focus on security, meaning many devices are a risk to consumers’ personal networks.
Some IoT devices store the wifi password insecurely; meaning hackers could break in through the weaker defenses around an IoT device like a home security camera or even a pair of hair straighteners and gain access to the entire network from there. Manufacturers of IoT products need to make sure that measures are taken to secure their devices before marketing them but consumers also need to be aware of the potential issues a product may pose before they buy it and add it to their network.
Home assistant breaches
Given recent news about how Google Home assistants and Amazon Alexa devices have been sending recordings to human operators and even accidentally leaking recordings to other users, how companies use the personal data we provide them with is also becoming an increasing concern. While users willingly bring these devices into their homes, many don’t consider the safety implications of having a machine that is constantly listening in their homes.
Even if home assistants are only sharing the voice recordings between other employees, there is still always the possibility that these companies will be hacked and the personal data caught on the recording will be leaked or exploited by hackers. As Natwest plans to introduce ‘voice banking’ in partnership with Google in the UK, not only do the possibilities for integration seem endless but also the possibilities for exploitation.
Online security is becoming a much more popular concern as the ways we interact with the internet become more diverse and in many ways more complex. Not only is it the responsibility of manufacturers to ensure IoT devices are as secure as possible before marketing them, but those who introduce new devices to their home or workplace environment need to keep security in mind to tackle the personal data crisis emerging across the US.
About the Author
Damon Culbert is a Content Writer for Cyber Security Professionals. Cyber Security Professionals is a specialist job site advertising vacancies in the information security industry around the world. Cyber Security Professionals can be found online at @cysecprofs (Twitter) and at our company website: https://cybersecurity-professionals.com/