Navigant's Cyber Risk and Information Security PracticeLearn More


Internet of Things18 May 2017

IT Security, Risk Management

It would not surprise me if you have never heard the term “the internet of things” (IoT), meant to encompass the plethora of devices that can communicate with the internet.  The category of gadgets is growing, personally, I’ve added a third. My top choice is the cell phone, “mother of all internet of things,” and is what has the ball moving in the first place.  My second technology gadget is a Fitbit, because who doesn’t love looking at their heart rate after two flights of stairs?  However, my third has been a godsend and gotten me out of some sticky situations. It’s the Tile, the magic piece of technology that has helped me locate my often misplaced keys, mostly within the home. I’m not trying to selflessly promote any piece of technology, thanks for finding my keys Tile, but it’s important to note how fast these devices are incorporated into my day to day.

Certainly, we are well aware of the IoT devices in our home.  These devices can be anything from door locks and lights to refrigerators and eggs trays.  They allow us to perform a number of cool and time-saving actions like, remotely viewing the contents of our refrigerator, manipulating lighting color, and having devices like Google Home or Alexa answer questions about the weather. Even I can’t wait for the next IoT device to make its debut, but with all this excitement about the next great IoT gadget, is there a catch?  The obvious answer is yes.

When it comes to IoT devices, the major concerns lay with device security and privacy. A secure IoT device is almost impossible.  IoT devices are at a disadvantage because they are often always connected and always on, leaving attackers time to figure out how to take control.  However, what’s more concerning is privacy. The newer IoT devices can listen, video stream and integrate with your phone collecting information about you. Whether this information is being sent to the manufacturer or maliciously collected by a bad actor, would you know? The honest answer is you probably won’t.  So while securing IoT devices is important, it may be more important to understand how your personal information could be exposed if there was a breach.  These are important questions to ask when you start adding “always on and always connected” devices to your life.

COMPASS recommends that you research the security related settings on IoT devices before you purchase them. If you do buy them, make sure that you take the time to customize the security settings and make sure that your personal, private information is kept private. If you are in a business environment and need to implement IoT devices it is recommended that you deploy security controls such as network segmentation to minimize the potential risk exposure of an IoT device being compromised.

If you would like to learn more, please download our IoT podcast on iTunes and SoundCloud or contact COMPASS.

  • By Darren Chaker : Great run down on the gadgets centered around the IoT continues to evolve. I also think it is important to stay up to task on security for those items as it is common for manufactures to push products to market without having security measures in place.

Work With Us Learn How