With billions IoT devices now in place, and growing exponentially, apparently IoT manufacturers have not given a great deal of thought to security so the FTC recently urged Best Practices to IoT manufacturers as “part of the security by design process, companies should consider: (1) conducting a privacy or security risk assessment; (2) minimizing the data they collect and retain; and (3) testing their security measures before launching their products.” The January 27, 2015 press release from the FTC highlighted these 6 security recommendations:
- Build security into devices at the outset, rather than as an afterthought in the design process;
- Train employees about the importance of security, and ensure that security is managed at an appropriate level in the organization;
- Ensure that when outside service providers are hired, that those providers are capable of maintaining reasonable security, and provide reasonable oversight of the providers;
- When a security risk is identified, consider a “defense-in-depth” strategy whereby multiple layers of security may be used to defend against a particular risk;
- Consider measures to keep unauthorized users from accessing a consumer’s device, data, or personal information stored on the network;
- Monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks.
IoT security and privacy are huge problems, and cyber criminals clearly have recognized for years….so watch out!