As we fast
track now into Thanksgiving and the Holidays, gift giving is going to be the norm
yet once again. To me, I think it should
be plain and simple, and luckily for me, most of my close friends are happy
with getting a nice gift card to their favorite restaurant.
But for many
other people, and especially those with families with kids, electronic items
seem to the be premier choice for gifts.
While this may
be nice, there is one thing you need to take into serious consideration. And that is, Cybersecurity that is in the
electronic item that you are giving. A
long time ago this was an unheard thought, but nowadays, you must be careful.
One such
instance in which you need to pay incredibly careful attention to is when you give
a gift that falls under the realm of the “Internet of Things”, also known as “IoT”
for short. While some of us have a
general concept of what it is, here is a technical definition of it for those
who may not have heard of it:
“The Internet
of Things (IoT) refers to a network of physical devices, vehicles, appliances,
and other physical objects that are embedded with sensors, software, and
network connectivity, allowing them to collect and share data.”
(SOURCE: What is the Internet of
Things (IoT)? | IBM)
Although the definition
primarily refers to physical devices, it can also refer to those that are
virtual as well. Probably one of the best
examples of the IoT is what is called the “Smart Home”. In this set up, all your appliances (or just some
of them) are interconnected together.
So, when you
get up in the morning, and want to start brewing that first cup of coffee, you
can simply tell your digital assistant to do it, and it will start.
But despite
these neat advantages, IoT devices, at least those that are used in the home
environment, possess a number of Cyber risks to them, which are as follows:
Ø
If
you have multiple IoT devices all connected, you are simply creating a large
surface for the Cyberattacker to covertly penetrate. Once they are in one
device, they can quite easily move into the others as well, causing havoc in
your home.
Ø
The
network communications that IoT devices are not encrypted. They primarily use RFID transmissions, which
can easily get hacked into with a simple network sniffer.
Ø
Any
information or data that you have on your IoT devices are saved in a plaintext
format. Meaning, if you have your
password stored on one of them, that is how it will exactly appear to the Cyberattacker
after they get into it – your password will be in plain English.
Ø
Many
of the vendors that manufacture IoT devices for the home typically do not take
Cybersecurity into consideration in the design of it. For instance, they often tell customers that
simply relying on the default security settings they have in place are enough –
which is a blatant lie.
Ø
Customers
of IoT devices can easily fall prey to a scam – such as buying a fake product
on Amazon or eBay.
But the good
news here is that governments, and even here in the United States, are stepping
up to the plate in creating and enacting legislation intended to help protect
consumers. Some of examples of these are
as follows:
Ø
The
passing of the Cyber Resilience Act by the European Union (EU).
Ø
The
passing of the Cybersecurity Bill 2024 by Australia.
My Thoughts on This:
If
you still decide to purchase an IoT device as a gift, consider these safety
tips:
Ø
Make
sure of the authenticity of the device you are buying. Although it is quite tempting to get a
cheaper one from Amazon or eBay, remember the adage that “you get what you pay
for”.
Ø
If
you decide to make this purchase online, make sure you do it on the ecommerce
store of a reputable vendor.
Ø
Go
through the Google reviews for those IoT devices you are interested in buying.
Ø
If
possible, contact the vendor directly to see what kind of Cyber safeguards they
put into the device. If you do not feel
comfortable with what they are telling you, then that should be a huge red flag
to you to avoid getting it all together.
Ø
Once
you have made that purchase, make sure to tell the person to whom you are giving
it as a gift to make sure that they do not use the default settings, but rather
put it in the highest thresholds that are possible.
Ø
Also,
remind them of the need to download the relevant software patches, upgrades,
and even the firmware onto the device as they come out.
Ø
Remind
them not to store personal data on the device.
If a Cyberattacker can get hold of this, it will be sold on the Dark Web
or worse yet, even be used in an extortion attack.
Just remember
that in the end, trust your gut. If
something does not feel right, look for another IoT device that you are more
comfortable with giving away as a gift.
Cybersecurity,
as it relates to the IoT, is not just confined to the home – it also has a strong
bearing on the Critical Infrastructure as well.
But this will be examined in a future blog.
No comments:
Post a Comment