The Internet of Things (IoT) has become the new buzzword in the world of technology. IoT development is bringing certain concerns related to security and privacy. These concerns are not trivial in nature and the risks that IoT presents are real. Let’s look at some of the security and privacy concerns plaguing the Internet of Things.
Invasion of privacy
When talking about the IoT, the important thing to understand is that IoT is not one device. IoT is about various devices talking to each other using internet connected modules. The list of various devices could include your car, children’s toys, home appliances, and so on. These devices and things can be easily used for unlawful surveillance by companies. For instance, if you have an IoT-enabled door lock installed at your place, then it can be used to monitor when you come home and when you leave. These scenarios are not speculative. Devices with such vulnerabilities have been found and documented.
Enterprise security
Organisations that are venturing into the IoT arena should exercise stringent security measures with their connected devices. There is always a risk of backdoor connection with devices with built-in network connectivity. A backdoor connection can be exploited for exfiltration of important data or a DDoS attack. Due to this, enterprise IT managers are required to be aware of new devices that are being connected to the network. They are also required to identify the device type and know the network location of these devices. IoT brings with it certain blind spots for organisations. Questions need to be asked regarding what kind of data is being stored on these devices and what amount of data is being transmitted from these devices and to where.
No system in place for management
The major problem that’s glaring IoT in the face is a set of standards. A set of concrete standards is essential for managing the chaos that’s plaguing IoT today. In order to have a stringent privacy policy in place, there needs to be a set of properly managed standardizations in place, which will go on to make a huge difference and will inspire a lot more confidence.
Canada’s Stance
There is an urgent need to enact a general data security legislation, which will allow the general population to cope with the risks that IoT presents. This security legislation should be technology agnostic in nature as this will allow legislation to stay strong in the face of changing technology. Data breach notifications are also the need of the hour, which sadly Canada is missing at a federal level. But, at the same time, Canada has some form of privacy law in place (PIPEDA) which is technology agnostic in nature.
The Internet of Things is a phenomenon that will bring, and is bringing, changes to the way we interact with devices. Modern systems are already capable of gathering information about a user’s habit and analysing them. It’s the type and amount of information that IoT will be gathering that makes it a potential privacy issue. To get a better understanding of legislations governing security and privacy in Canada, get in touch with Prowse Chowne.