The Internet of Things is one of the biggest security risks faced by organisations today. Why? Whilst it is expected that the server farm you purchased is secure (whatever that means in this day and age), what are the expectations of the smartwatch your staff member brought in, or the $100 printer you have on your network?
Have you ever paired a Bluetooth device? If the password for that wasn’t 1234 or 0000 then I’d be surprised. If the password can be guessed, then you might as well give your money away right now.
When a product designs a new product they tend to focus on what will sell best rather than its security profile. The average consumer today just cares whether their latest gadget LOOKS great, rather than it actually being secure.
Worse still, not only do some fitness devices track their owners every move – they then upload that data to another 3rd party cloud provider to analyse their results.
Think this through:
1. Someone’s fitness device is hacked
a. Location data on this device shows their daily movements
i. What time they usually sleep and for how long
ii. What time they usually leave the house
iii. Where they go on any given day i.e. place of work
b. The person’s personal email address is known
i. What’s the chances of the password for their fitness device being the same as their personal email?
2. Hacker knows the person’s name, birthday and home address
a. Tries the fitness device password at the work email address
3. They’re in
Think that’s make believe? Your password has probably already been hacked – here’s one example:
What can you do?
1. Use different passwords for different sites
a. Make sure you use unique ones for anything you deem as valuable
2. Try to anonymise yourself when setting up email addresses etc (link to our blog post about this)
3. Lock down your business network. Don’t let staff onto WiFi with their phones or home laptops because you don’t know what they might have on those computers
Still stuck? Well, talk to a company that can help guide you through the security minefield.