Digitalisation has become a fact of everyday life, not just businesses activities. In fact, anyone who has any kind of connected device at all (iPhone, fitness tracker, laptop etc.), in other words any user of the internet of things (IoT), is involved in digitalisation. As such, absolutely everyone should also be concerned with the issue of cybersecurity.
The issue of cybersecurity is often viewed as a head ache for big companies, which it is of course, but not exclusively. Any person who has a connected device, and it is increasingly difficult to find someone who does not, is open to cyber threats and, therefore, should also be concerned about cybersecurity. Do you really have any idea how much data there is about you out there? Do you understand how it got there?
What we are referring to here is the internet of things (IoT), but what exactly does that mean?
Simply put, the IoT comprises all devices that can be connected to the internet and each other and can share data between each other. This includes everything from mobile phones, headphones and laptops to fitness trackers and even coffee makers and washing machines. It even includes components of machines like jet engines. In short, anything that has an on-and-off switch and can be connected to the internet.
According to analysis by Gartner, “8.4 billion connected things will be in use worldwide in 2017, up 31 percent from 2016, and will reach 20.4 billion by 2020,” and that the vast majority of this will be consumer applications i.e. our stuff.
This represents a lot of connected devices talking to each other and, although they are without a doubt making our lives easier in ways we never imagined, it also represents a lot of potential for abuse.
Yet, according to the Luxembourg government’s recently published Cybersecurity strategy (as reported on Delano here), “There are too many users--both natural and legal persons--who are victims of the most common computer attacks. In spite of the multiple efforts made to raise awareness in recent years, it will be further necessary to raise users’ awareness of the potential consequences of a digital threat.”
We can’t all be IT security experts, so Povilas Zinys, product portfolio manager at LuxTrust provided a basic guide to consumers on how best to protect their stuff from cyber abuse. It turns out it is our responsibility too.
“First, don’t buy cheap devices from untrusted providers that come from countries with slack data protection frameworks,” he said. “Next, read the cloud service policy to make sure you understand where your data is going and how it is used. Look for red alerts such as, ‘the provider does not take any responsibility for exposing data’.”
Another alert to be on the lookout for is, “The provider reserves the right to resell data to 3rd parties without the user’s consent,” or some variation of this.
Zinys also recommends, “Keep your IoT devices connected to a separate network from your more important devices such as laptops, phones and tablets. For this purpose, use a router (gateway) that you only connect to IoT devices. Avoid connecting IoT devices directly to the internet.”
He also suggests looking for devices with hardware-based security, firmware updates and certificate-based authentication. “If your device does not ask to be updated at least once a year, throw it away.”
As for the real basics, he said, “Pick good passwords (at least 10 characters) and use a different password for every device.” How many of us can honestly say we do that?