As if you didn’t already have enough to worry about with cybersecurity, now you’d better think twice before plugging in your new office printer or coffeemaker.
The Internet of Things (IoT) – an evolving system of technologies that interact with the physical world – can turn a harmless device into a potential threat.
“Seemingly every appliance we use comes in a version that can be connected to a computer network,” says the National Institutes of Standards and Technology. “But each gizmo we add brings another risk to our security and privacy.”
Most lawyers have only a vague understanding of the number of IoT devices they use every day that pose a cybersecurity risk. Even devices that don’t have a direct interface can connect to your network and become a doorway for cybercriminals. Most of the time, there’s no way to install security software to close and lock that door.
To enhance IoT awareness, the NIST has published Informational Report 8228, which explains the dangers and provides solutions for preventing or mitigating loss.
Protect your practice by attending a free CLE webinar on August 14 on “Top 10 Things To Prevent a Data Breach?” It’s just one benefit of membership in the Alta Pro Lawyers RPG. Learn how to join here.
From Security Cameras to Light BulbsThe Internet of Things came about because of the convergence of cloud computing, mobile computing, embedded systems, big data, low-price hardware and other technological advances.
One problem: nobody, not even the savviest expert, knows for sure how big the IoT is. All we know is that its scope is mind-bogglingly vast – and growing by the day as new products hit the market.
It is estimated that there will be 20.8 billion IoT devices in use by 2020. The list includes garage door openers, foot massagers, washer-dryers, refrigerators, robotic vacuum cleaners, GE appliances, countertop ranges, smoke detectors, deadbolts, music systems, window blinds, and on and on.
“Versions of nearly every consumer electronics device have become connected IoT devices—kitchen appliances, thermostats, home security cameras, door locks, light bulbs, and TVs,” says NISTIR 8228.
Three key things to know about the IoT:
- Many IoT devices interact with the physical world in ways conventional IT devices usually do not.
- Many IoT devices cannot be accessed, managed, or monitored in the same ways conventional IT devices can.
- The availability, efficiency, and effectiveness of cybersecurity and privacy capabilities are often different for IoT devices than conventional IT devices.
6 Ways to Protect Yourself
- Be educated. Train yourself and your staff on IoT risks. A good start is to download and discuss NIST IR 8228.
- Secure your devices. Limit access. Use strong passwords. Restrict the use of devices outside the office.
- Consult an expert. Talk with your IT person before installing a new device in your office. Bring in an outside expert to conduct an on-site security audit.
- Protect data security. Make sure the information stored on or accessed by IoT devices is kept secure.
- Use devices properly. Follow the manufacturer’s instructions for installation and activation. Install updates as needed.
- Dispose of devices safely. Printers and copy machines should be disposed of and recycled with care. Their operating software may contain tons of sensitive data.
“IoT is still an emerging field,” says one of the authors of NIST IR 8228. “Some challenges may vanish as the technology becomes more powerful. For now, our goal is awareness.”
Alta Pro Insurance offers comprehensive cyber-liability insurance protection. Our Pro Practice Playbook has pointers and tips for 24/7 computer protection. Join the Alta Pro Lawyers RPG and get these and many other valuable benefits.