Business fears: The need for better security in the Internet of Things

Cybersecurity in business is often overlooked, underfunded or simply not given enough thought. Though recent research by Avast Business found that 96% of SMBs are concerned about malware and ransomware, the ‘it won’t happen to us’ attitude is still just as prevalent as the underlying fear of being hacked.

Why aren’t businesses doing more to protect themselves against the very attacks that they’re afraid of, and what could IoT developers be doing to help minimise risks?, says Greg Mosher, VP of Engineering at Avast Software.

90% of those responding to the survey stated that they had concerns about password hacks, and with 90% of online passwords currently thought to be vulnerable to hacking they are right to be concerned. Internet of Things devices are often left to rely on default passwords, or not password protected at all. This is a major security risk when you consider that IoT technology, like CCTV cameras and heating systems, share their connection with business computers storing huge amounts of sensitive data.

Businesses concerned about hacks should ensure that staff are fully aware of the risks of using easily-cracked passwords, instigating regular password updates using cryptic formulas across all devices.

Are you concerned about password hacks?

US retailer Target became the victim of a substantial attack in 2013 when hackers gained access to customer credit card data via internet connected heating and air-conditioning systems. The potential for security breaches like this may be what led another piece of recent research to list IoT devices as one of the top 10 points of entry that hackers can use to access data.

Corporate data theft

Unauthorised access to corporate data and computer systems cost serious money. 89% of Avast Business’ respondents were concerned about corporate data theft, in no small part due to the estimated £9.2 billion (€10.40 billion) lost to cyber-theft of intellectual property and £7.6 billion (€8.59 billion) lost to cyber-espionage each year in the UK alone. 87% of those surveyed also cited concerns about Wi-Fi security breaches.

Are you concerned about corporate data security and data theft?
89% are

In 2015, 74% of small UK businesses and 90% of large UK businesses reported having a security breach of some kind. While there are a range of factors needed to prevent breaches like these and protect data from theft, properly securing Internet of Things devices and patching vulnerabilities should not be overlooked. For those working in IoT development, energy needs to be focused on in-built security measures and the room for additional security protection to be added by users.

At the 2016 RSA Conference, the message was loud and clear: IoT will crash and burn if security doesn’t come first. Though these kinds of devices are generally used on secure private networks, if product development doesn’t spend enough time considering security pitfalls, the devices created won’t be as indispensable as we might like to believe. Weaknesses will be exploited, and when that happens hackers won’t just have access to a single device – they will have control of every device in the network.

For any business […]

The post Business fears: The need for better security in the Internet of Things appeared first on IoT Now – How to run an IoT enabled business.

Blogs – IoT Now – How to run an IoT enabled business

IoT for Good: How the Internet of Things is Transforming Our World for the Better

Increasingly, the transformative power of the Internet of Things is making our world a better place. From reducing city pollution to creating smarter crop management practices and more sustainable energy, IoT is helping to advance economic and social benefits.
IoT – Cisco Blog

The Lazy Person’s Guide to Better Online Privacy

I consider myself a high-functioning lazy person. I do my laundry regularly, but leave clean clothes in a pile on the floor. I make it to work on time, but have to set my alarm for an hour earlier than I’d like because I hit the snooze button so many times. I will wear a blazer to my business casual office, but only to cover up my terribly wrinkled shirts… which I pick up off my bedroom floor each morning. At the Internet Society, I work primarily on topics related to security and privacy. Through my work, I have the pleasure of learning about new vulnerabilities or computer viruses, how different apps and devices can or already are spying on me and selling my data, and all other manner of scary online threats. As you can imagine I’ve become increasingly paranoid about my online privacy. Yet, when it comes to online privacy, lazy and paranoid is a terrible combination. I know what I should be doing to better protect my online privacy. I know I should update my devices regularly. I know I should be using two factor authentication when its available. But, like the clothes I know I should be folding, I never take the time to do so. So, this Data Privacy Day, I’m making a change. When it comes to online privacy, for too long I’ve just been lazy and paranoid. Now, it’s time for me to become the paranoid, high-functioning lazy person I know I can be. Like overdressing to hide a wrinkled shirt, it’s time to take my laziness and turn it into a strength. Here are a some actions I’m taking on Data Privacy Day to improve my online privacy. All of them are easy, and a few don’t even require follow-up.

  • Learn how to “shop smart” for connected devices. You don’t want to have to return a connected device because it is spying on you. Returning things is a pain. Learn how to “shop smart,” and buy privacy respecting connected devices so you won’t have to.* My post on shopping for connected toys and Mozilla’s guide to shopping for connected gifts are both great places to start.
  • Update your devices and its applications. If a device or app has an auto-update feature, turn it on! Are you really going to want to take the time to update it later? Often this is as easy as a couple clicks. And don’t forget to update the less obvious devices. Anything that’s Internet connected, from your light bulbs to your thermostat, should be updated.
  • Turn on strong encryption. Some devices and services have the capability to use encryption, but don’t turn encryption by default. This is like owning a safe, but leaving it unlocked. Take a few minutes to see if your devices or services are already using encryption or if you need to turn it on.
  • Review the permissions on your mobile device. No flashlight app ever needs to track your location or your calendar. So, don’t let them! Seriously, do this, it takes less than five minutes. Review your permissions settings and turn off the permissions for apps to gather more data than you’d like.
  • Review the privacy settings on your social media and store accounts. You may be sharing a lot more than you intended through your social media and store accounts. Review your privacy settings to determine who can see what you write, the pictures you post, or your other activity on the platform. Ask yourself, who do I want to see this sort of information, and who do I not want to see it. When possible, avoid linking your social media accounts with other third party services. Your social media platform does not need to know what music you listen to, so don’t tie your music streaming service to your social media account!
  • Boost the privacy protections on your favorite browser. There are lots of great browser extensions or plug-ins that can increase your privacy when browsing the web. One browser plugin,
    HTTPS Everywhere, will ensure that if a website offers an encrypted SSL connection, it will use it. Others, like Ghostery and Privacy Badger, will block tracking cookies or web beacons that companies use to track your browsing habits. Getting privacy protecting browser plugins is a quick and easy way to better privacy.
  • Stop reusing passwords. It is tempting to reuse a password for multiple devices or services. How are you supposed to remember different passwords for everything? But, while reusing a password may be easier for you to remember, if hacked or stolen, it also makes it easier for criminals to gain access to your other devices or services. Take a few minutes to get a secure password manager and learn how to use it, or, for home devices, write down your passwords in a securely stored notebook.
  • Turn on two factor authentication (2FA) for your applications and services. Okay, this one is a bit of a stretch goal but hear me out. When you think of 2FA, think of something you know (e.g. password) and something you have (e.g a security token). 2FA means if someone only has your username and password they can’t login as you, and that’s really important, because companies lose databases of their users passwords all
    the time. The Two Factor Auth site will walk you through how to set it up for almost every website that supports it. Banks, social media, everything.

This Data Privacy Day, lets take action to better protect our privacy online. We might not clean our rooms and dust our furniture, fold our clothes, or wake up on the first alarm, but we’d rather not have our devices show the world just how lazy we can be.

*Strong security and privacy takes time and effort, and device manufacturers can be lazy too. So sometimes, there isn’t going to be a privacy respecting option. At the Internet Society we’re working hard to make it easier for device manufacturers to do the right thing when it comes to security and privacy. The OTA IoT Trust Framework provides manufacturers and others with a simple risk assessment guide for connected devices and systems.

The post The Lazy Person’s Guide to Better Online Privacy appeared first on Internet Society.

Internet Society

Today’s Steps to Make a Better Tomorrow!

We are delighted to announce the launch of 2016 Beyond the Net Impact Report and 13 amazing new projects.

As we look at the past year, we are proud of the achievements our community has made with funding from the Beyond the Net Programme. We have some great examples of how the Internet can have a positive impact in people’s everyday lives. By building community networks in Africa and Europe, improving Internet connections in North America, or ensuring that people can trust their connection in Asia, we’re contributing to things like closing the gender gap, building partnerships, and helping kids stay in school.

In 2016, we took a huge step forward to consolidate the Beyond the Net Programme. When we see how the Internet can improve the lives of hundreds of farmers in Latin America or how children can develop new skills by learning how to use the Internet in the Middle East, the aim of the program and of our organization becomes crystal clear. The numbers and the stories behind them are a good reminder that the Internet was built as a force for good.

The projects highlighted in this report serve as a critical reminder that as long as humanity is at the center of tomorrow’s Internet, its future is ours to shape for the next generation.

It is with that in mind, that the Beyond the Net Selection Committee selected 13 new projects! These projects cover issues like: connecting unprivileged and rural areas in Tanzania, Greece, Kenya, Honduras, and Paraguay; establishing an online audio library for people with visual impairments in Rwanda; promoting safety online in Palestine and Kenya; teaching digital literacy to indigenous communities in Canada and teaching girls how to code in Sri-Lanka; developing content for endangered languages in Peru; consolidating the institutional framework of the Bolivian Academic and Scientific Network; and raising citizens’ awareness on the issues related to personal data usage in Finland.

Each of these projects is a milestone in the mission of the Internet Society that contributes to the Internet we want to build for tomorrow.

We thank all the previous grantees for their hard work and congratulate the new ones!

Find out more:

The post Today’s Steps to Make a Better Tomorrow! appeared first on Internet Society.

Internet Society

Let’s Mobilize for Better Data Stewardship

If we want organizations like Equifax to be good data stewards, we, the users and consumers, must mobilize.

In October, the Internet Society explored why the dominant approach to data handling, based around the concepts of risk and compliance, does not work. To recap: “…data handlers try to adhere to regulatory requirements and minimize the risk to themselves – not necessarily to the individuals whose data they handle. For some data handlers, the risk that poor security creates may not extend to them.”

Euphemistically put, Equifax has not been an example of forthcomingness, transparency, and accountability. Users can change this paradigm. Users can shift the cost of a data breach onto the data handler by holding the accountable for their action or lack of action.

The key is to organize. For example, Consumer Reports is organizing a campaign calling on Equifax to take the next steps to address the fallout from the data breach. Their first step was to deliver a petition signed by over 180,000 individuals to Equifax’s headquarters.

To continue making sure Equifax does everything in its power to make things right for consumers in danger of identity theft, Consumer Reports is fundraising. The Internet Society just pledged 10k to this cause, and we hope others will join us.

Other actions you can take:

  1. Sign the Consumer Reports Petition to Equifax.
  1. Prepare for a breach incident with the Online Trust Alliance’s 2017 Cyber Incident & Breach Response Guide.
  1. Read the Global Internet Report 2016 to take a close look at the economics of data breaches and consider five recommendations for a path forward.

The post Let’s Mobilize for Better Data Stewardship appeared first on Internet Society.

Internet Society