Firm Publication

While the WikiLeaks CIA dump makes for interesting reading about our nation's capability to hack certain connected devices, it does not mean we are all being spied on while waiting for a microwave burrito. However, fanciful headlines do foreshadow privacy and data collection issues as the number of those connected devices (the "Things" in the Internet of Things) grow.

From pacemakers to thermostats to baby monitors to toasters, everyday devices are becoming "smart." Unfortunately, many of these Things and the data they collect are notoriously insecure – many with outdated security and even known flaws – primarily because the flood of these devices has been so new and fast, and the devices are so varied, there are no security standards, and the devices are poorly patched.

These security flaws have not truly been exploited because these devices historically have been too frivolous to attack. That may soon change, because increasingly "smart" devices are gateways to more worthwhile targets, such as their connected networks. In addition, because the types of connected devices are becoming more substantial (such as our cars), the data being collecting is becoming more valuable, precise, and capable of being mined.

Use of "smart" Things is a matter of convenience and lifestyle choice. However, that choice should be guided by whether you think every-Thing in your life really needs to be connected. Does your child really need a connected plush toy that collects her location, sibling's names, voice recordings, birthday and photo? Do other devices really need to send usage data to their manufacturers?

Often the answer will be that the convenience and usefulness of the Thing – such as watching Netflix on a smart TV or controlling your thermostat remotely – outweighs the low risk of a data breach. If you make that choice, you should at least do a cursory review of the types of information the device intends to collect, the device's security, any privacy policy provided by the manufacturer, and any consumer and expert reviews of that device.

In a welcome security step forward, some companies have started to employ two-factor authentication. For instance, Nest recently rolled out two-factor authentication for its home video cameras, thermostats and smoke alarms. Apple's HomeKit also includes a two-factor authentication option. Although text-based two-factor authentication is not failsafe, it certainly adds an extra layer of protection to account security.