With the FTC’s 2015 report “Internet of Things: Privacy & Security in a Connected World” (“Report”) comes the idea that more than just computers and phones are able to connect to the Internet. In fact, the Report states that the “IoT explosion is already around us.” This is true, and the Report goes on to describe some of the more interesting things that can be connected to the Internet which most of us don’t think about (e.g., smart health trackers, smoke detectors, and light bulbs). However, how vast is the actual IoT? And what does that mean for businesses?

As security professionals will tell you, if it has an IP address, it is a potential access point to your network. As such, it is a potential place where a hacker can find a way into your network and then “elevate permissions” into more sensitive parts of the network. This seemed to be the way that several recent large hacks occurred. Thus, the Internet of Things represents a potential security hole if one doesn’t consider all the different devices which can be hacked.

So – what is out there which has the ability to acquire an IP address (and thus is a hacking risk)?

These we know about:

  • Desktop Computers
  • Laptops
  • Tablets
  • Smartphones

But what about:

  • Copy machines
  • Printers
  • Fax machines
  • VoIP enabled Phones
  • Televisions
  • Bluetooth headsets
  • Cash registers (Point-of-Sale terminals generally)
  • Handheld barcode readers
  • Smart thermostats
  • Keycard readers (for doors)
  • Security cameras
  • Light bulbs
  • Environmental control panels
  • Lab equipment
  • Medical diagnostic equipment
  • Warehouse inventory scanners
  • The fridge in the break room
  • Personal fitness monitors
  • Wristwatches (iWatch)
  • Armbands 
  • Glasses

And maybe even…

Shirts and other clothes.

As each one of these neat bits of technology starts to take hold, companies which allow them within physical range to connect with the corporate network will need to have a strategy to manage the security risks inherent in all of them.

It’s not going to get any easier…

John Tomaszewski

John Tomaszewski specializes in emerging technology and its application to business. His primary focus has been developing trust models to enable new and disruptive technologies and businesses to thrive. In the “Information Age”, management needs to have good advice and counsel on how to protect the capital asset which heretofore has been left to the IT specialists – its data.

John’s expertise in understanding a company’s data protection and management needs provides a specialized point of view which allows for holistic solutions. A good answer should always solve at least three problems.

John has been a co-author of several information security and privacy publications, including the PKI Assessment Guidelines and Privacy, Security and Information Management: An Overview; as well as publishing scholarly works of his own on the topic. He has also provided input to the drafting of various security and privacy laws around the world; including the APEC Cross-Border Privacy Rules system. He is a frequent speaker globally on the topics of cloud computing, Self Regulatory Organizations (“SROs”), cross-border privacy schemes, and secure e-commerce.