Iris Insights: The Internet of Things – Hackers’ New Door to Customer and Employee Data

Posted September 15, 2016 9:09 am & filed under Articles
Iris Insights: The Internet of Things – Hackers’ New Door to Customer and Employee Data

Smart Coffee Maker IoT

Hi there – Iris here, providing information on a commonly-asked question from my clients:

What is The Internet of Things (IoT) and how might it affect my customers and/or employees?

The IoT refers to the ability of everyday objects to send and receive data and connect to the Internet. It has expanded rapidly in the last few years and its growth is expected to continue to skyrocket over the next four years. According to the FTC, there were 25 billion connected devices in 2015 and by 2020 that number is projected to double! As the number of connected devices grows, so does consumers’ and companies’ vulnerability to hackers and risk for identity theft.

John Iannarelli, a retired assistant special FBI agent, cautions that IoT devices “present unique security risks to consumers.” The FBI warns the following connected devices have the potential to be compromised:

  • Automated devices that remotely or automatically adjust lighting or HVAC
  • Security systems, such as security alarms or Wi-Fi cameras
  • Medical devices
  • Thermostats
  • Wearables devices, including fitness devices
  • Lighting modules that activate or deactivate lights
  • Smart home appliances
  • Office equipment
  • Entertainment devices that control music or television from a mobile device
  • Fuel monitoring systems

The data that can be accessed from some of these devices (like fitness trackers) may appear harmless; however, that perception couldn’t be further from the truth. Identity thieves often aim to gather as much information as possible from multiple sources including social media, discarded mail and data stolen from compromised devices to trick or impersonate victims and commit identity fraud. Furthermore, as these devices become more inter-connected, the potential increases for thieves to access not just one device but also other devices it’s connected to! Iannarelli explains, “If a hacker gains access to your smart refrigerator, it could serve as a conduit to any other device connected to your home network, such as your home security system or personal computer.”

My customers often incorrectly assume there is a government body regulating the security of IoT, but there is no single regulatory authority that does so.  A number of major industry leaders, however, have formed alliances such as the Fast IDentity Online (FIDO) Alliance, and the government has created initiatives such as US NSTIC (National Scheme for Trusted Identities in Cyberspace) in an attempt to set standards in this area. Though, the lack of a singular government body dedicated to the regulation of IoT underscores the importance of individuals and companies alike taking precautionary measures to safeguard personally identifiable information (PII).

The Identity Theft Resource Center recommends taking the following measures to mitigate risk:

  • Isolate IoT devices on their own protected networks
  • Disable Universal Plug and Play on routers
  • Consider whether IoT devices are ideal for their intended purpose
  • Purchase IoT devices from manufacturers with a track record of providing secure devices
  • When available, update IoT devices with security patches
  • If a device comes with a default password or an open Wi-Fi connection, change the password and only allow its operation on a home network with a secured Wi-Fi router
  • Be informed about the connective capabilities of any medical devices prescribed for at-home use
  • Ensure all default passwords are changed to strong passwords, and do not use the default password determined by the device manufacturer

While all these recommendations are important safeguards, a more comprehensive option is to offer my identity protection service to your customers and employees. My online data protection suite protects computers, where consumers often keep their most sensitive data, from hackers trying to access them via IoT devices. My monitoring continuously scans the surface and deep web for compromised data, and if detected, will send alerts to customers and minimize the impact of the incident.  My award-winning customer service team is available 24/7 to help customers put safeguards in place if their PII is compromised and resolve any fraud that may have taken place. I also offer an ever-growing library of educational resources available to customers that include information on the different types of vulnerabilities identity thieves target to steal PII and commit fraud, as well as tips on what consumers can do to protect themselves.

To learn more about my 360 degree approach to identity protection request a demo, and for more identity protection insights, subscribe to my newsletter.