Passed in May 2018, the General Data Protection Regulation (GDPR) is an EU law designed to give users more control over their personal data – and to protect against data breach and misuse.
Unlike in Europe, in the US, there is no single, national law that regulates the collection and use of personal data.
Instead, US companies’ data protection is regulated by a system of federal laws, in addition to many guidelines developed by governmental agencies.
These guidelines cannot be considered actual laws, but are part of self-regulatory frameworks. These “frameworks” are recognized as “best practices.” If you are as bothered by this as I am — you are really bothered.
This is a particularly important topic when considering the fast-growing IoT industry, which collects and hoards immense amounts of user data. The industry passes this very sensitive data through a number of hands, and relies on it to make accurate predictions about its users.
Our devices are particularly vulnerable to data breaches. Companies are using and producing IoT devices, and most don’t know the difference between IoT, IT, and IIoT. Each of these faces a unique set of challenges.
The Importance of Data Security for IoT Home Devices.
In the world of IoT, data security is tricky for a number of reasons.
- First, there’s so much data collected by IoT devices that it can be hard for companies to keep track of it.
- IoT home security cameras, for example, have information about individuals’ comings and goings from their home as well as their facial features.
- Smart home speakers gather data about which music and news channels each family member likes to listen to.
- Smart fitness devices collect data about a person’s weight, sleeping and eating habits, and exercise routines.
The amount of personal data these devices collect is almost infinite, and the list goes on and on.
Another reason IoT data security is tricky is that, more than with other typical tech companies, user data passes between many different entities along the supply chain.
- Access to user data is never limited to just the company that produces the device.
- Many IoT companies rely on data analytics and data processing in the cloud for their devices to function as well as they do.
This means that ALL these analytics platforms can also access ALL the collected data.
The data gathered from IoT home devices is highly personal. Cases of data breach or exploitation can have drastic effects on both individuals and society at large.
- A malicious actor, for example, could use a person’s data to spam them with aggressive advertising.
- They would also have the ability and the information to conduct financial scams.
- User data can be exploited to influence society for political purposes.
- Situations similar to Facebook’s Cambridge Analytica scandal can now occur — and that was surely hushed up quickly.
Strong security needs to be built into IoT devices in order to avoid such mishaps, but it is not required.
The Importance of Data Security for IoT Company Devices.
IoT data protection isn’t just about protecting personal user data collected within the home. Data security report site Secure Thoughts notes that IoT devices used by companies also put user data at great risk, in addition to those in individual homes and workplaces.
If those devices aren’t secure, hackers can use them to infiltrate a company network, thereby obtaining access to that company’s data.
As Internet of Business (IOB) reports, 81 percent of professionals working in risk oversight or corporate governance believe that a serious data breach – caused by an unsecured IoT device within their company – would likely occur within the next two years. The research was conducted jointly by the Ponemon Institute and the Shared Assessments Program.
- The research indicates that approximately half of respondents said their companies don’t keep an inventory of IoT devices or their applications.
- Meanwhile, only 46 percent say their company has a policy for disabling a risky device.
- Beyond this, only 29 percent actively monitor IoT device risks.
While these very same companies likely have other cybersecurity systems in place, their protection of users’ data is questionable if their IoT devices aren’t secure. Indeed, these devices could very well be an open window for hackers to access sensitive user information collected by these companies.
An embarrassing example of this occurred just this past April when hackers were able to obtain data about casino customers by gaining access to the smart thermostat inside the casino’s connected aquarium.
IoT security compliance isn’t only about the IoT industry collecting, storing, and sharing user data in a secure and responsible way. Other tech companies that use IoT devices within the workplace also have to ensure that these devices are truly secure in order to avoid putting their own customer data at risk.
IoT Security Compliance Is a Crucial Aspect of Data Protection.
When there’s so much data accessible to many different entities, it’s difficult to ensure that all involved actors meet the security standards required by each state.
Without effective data protection across the whole supply chain, information about the most personal details of users’ lives could get into the wrong hands.
For companies that use IoT devices, security needs to be twofold.
- IoT developers need to work to ensure built-in device security.
- Companies that use these devices need to create a protocol for securing and monitoring these devices, just as they do with the rest of their system.
Ill-intentioned companies and hackers are looking to exploit user data for their own gain. Increased attention to making sure IoT devices are secure is the only way to avoid putting users at risk.