The Future of Connected Devices

Globally, the internet of Things (IoT) consumer market is anticipated to reach almost $1.6 trillion by 2025 according to Statista. Homes and buildings are increasingly utilizing smart technology to protect people and valuables, reduce energy costs, improve health and hygiene, and save time. Examples include security cameras, expanded entertainment options, and automation/optimization of temperature and lighting.

Statista predicts that globally 70 percent of light-duty vehicles and trucks will be connected to the Internet by 2023. Connected vehicles communicate and share Internet access and data with other devices inside and outside of them. Some benefits include real-time traffic information and route optimization, use of apps to remotely lock or start vehicles, parking assistance, emergency service requests, interface with parking meters and electric vehicle charging docks along with entertainment options. Communication with other vehicles and road infrastructure will become critical as autonomous vehicles become a reality that will increase transportation possibilities for the disabled.   

The use of smart technology in urban areas around the world is growing and presents many new opportunities and challenges. Potential benefits associated with smart cities include enhanced quality of life by improving operational efficiencies, reducing costs, increasing sustainability, and creating safer surroundings. Some examples include:

  • Monitor and improve public safety, health, and transportation
  • Monitor vehicle traffic and provide real-time traffic reports
  • Reduce road congestion by utilizing traffic signals and road sensors that adjust and respond to real-time traffic
  • Monitor pedestrian traffic
  • Use of cameras to determine crowd density and investigate crimes
  • Maximize utilization of municipal resources and services
  • Automatically dim and brighten streets lights by detecting motion based on activity
  • Improve air and water quality, lessen noise pollution, decrease energy consumption, and reduce refuse and odors
  • Enable citizens to interact with smart cities using apps on smart phones and mobile devices.
  • Parking sensors that provide real-time info on apps to locate available parking spaces

The greater the number of connected devices in a city, the bigger the risk that a data breach could potentially expose personal data. As smart cities become more prevalent, they create new opportunities for exploitation by cybercriminals. Privacy and security challenges as well as surveillance concerns are inherent factors. The data acquired can be used for optimization of resources, infrastructure planning, and enhanced public safety; however, smart cities also collect information about citizens. Facial recognition technology is a reality, and many United States cities are banning it. Currently, Portland, OR has the most restrictive laws in the country prohibiting private and government use.

A future filled with connected devices demands that the benefits be balanced with privacy and security concerns. Regulations and laws will need to be created or strengthened to further protect citizens. And it is inevitable that cybercriminals will quickly adapt to take advantage of the evolving threat landscape.

Securing Internet-Connected Devices in Healthcare

Healthcare data is an alluring target for cybercriminals. Electronic health records are valuable and can be used to file fraudulent health claims, obtain prescription drugs, and steal identities. The health records of newborns and toddlers are particularly lucrative because criminals are hoping that use of stolen identities will go unnoticed for years. HIPAA (Health Insurance Portability and Accountability Act of 1996) protects your health information when it’s held by healthcare providers and health insurers; however, personal health information (PHI) is only as secure as the weakest link.

According to an August 2020 Forbes Technology Council article, healthcare cybersecurity is generally weak and lacks the ability to quickly adapt to threat evolution. More than 80% of medical practices have been the victims of cyberattacks according to a joint report from Accenture and the American Medical Association.  The report further states that most practices do not have internal security support and rely on outside vendors. Data breaches can lead to service outages and jeopardize patient safety. According to a July 2020 USA Today article, large institutions are getting better at protecting themselves but may still be vulnerable if a supplier or small medical clinic is hacked. Mid-sized medical practices with a large number of health records often aren’t big enough to hire dedicated IT staff making them especially worthwhile targets.

Ransomware is malware that blocks access to a system with the intention of extorting money from the owner. Typically, hackers encrypt data and hold it hostage promising to decrypt and restore access upon payment of a ransom. Due to the urgency associated with accessing records and systems, the likelihood of paying a ransom increases making healthcare an enticing target. In September a Dusseldorf hospital was forced to turn away emergency patients due to a ransomware attack that caused systems to crash.

Medical devices including implants, health-tracking wearables, and diagnostic devices present additional attack vectors. Most medical devices in hospitals are connected to a network. Until recently medical manufacturers were not required to account for device cybersecurity according to a February 2020 Symantec blog.

Earlier this year society was jettisoned into the era of telemedicine further complicating the threat landscape. Almost overnight we became dependent on the use of technologies, such as computers and mobile devices, to access healthcare services remotely. Providers were suddenly relying on telemedicine to diagnose and deliver care. Though reduced threat of infection, increased access to treatment, enhanced ability to closely monitor chronic conditions are some of the benefits, there are also risks. Medical practitioners are accessing telehealth apps and patient data via personal devices, home networks, and personal cloud services from a variety of locations. In addition to security concerns, privacy is at risk if housemates or family members overhear conversations.

In conjunction with Cybersecurity Awareness Month (CSAM), the National Cybersecurity Alliance (NCSA) shares some of the most common ways patients and medical practitioners access health data using technology:

Telemedicine: The use of technologies, such as computers and mobile devices, to access health care services remotely. Be sure your software is up-to-date and connect via a secure Wi-Fi connection.

Wearable Health Technologies: Consumers are increasingly using wearable technologies like smart watches and heart rate monitors for continuous monitoring of their health and wellness activities. Before purchasing wearable technology, research the manufacturer and review the company’s privacy policy to determine what steps they take to protect your data.

Health & Wellness Apps: Review the details and read reviews of any health app before downloading, and only download from trusted sources. Immediately configure privacy and security settings to limit how much information you share.

Electronic Health Records: Digital version of a patient’s paper chart making information available instantly and securely to authorized individuals. Make long, unique passwords/passphrases, create a different one for each device/account, and do not re-use them. And always use multi-factor authentication (MFA) whenever available.

Though we have no control over the security measures employed by healthcare providers, it’s important to be vigilant about protecting your identity and personal health information (PHI).

Securing Devices for Remote Learning

With the return to school, reliance on virtual learning has created many challenges for students and parents. Although many schools have provided students school-approved technology, which provide security, some students may be using personal devices. It’s important that parents are involved and aware of what children are doing online.

Security Best Practices for Virtual Learning

These tips, provided by the National Cybersecurity Alliance and the Washington Post , will help protect you and your family

  • Make sure anti-virus programs and security patches are up-to-date on your devices.
  • Set up a separate email addresses for education apps and sites. 
  • Turn on parental controls.
  • Check the settings for individual apps to see what sharing can be limited.
  • Review your school’s website for statements about data privacy and approved apps.
  • Create an optimum home learning environment free of distractions that gets a good Wi-Fi signal. It’s a good idea to make sure the space is well lit so faces can be easily viewed over video. Be aware of what goes on in the background and is being captured by the camera – for example, getting dressed, fighting, sensitive conversations.  
  • Encourage your school to make cybersecurity part of the curriculum.
  • Set a good example, teach students basic cybersecurity, and constantly reinforce the following:
    • Protect Your Personal Information: Never post personal information online.
    • Be aware that deceptive contests, giveaways, and surveys are designed to collect personal information.
    • Never share anything including passwords, homework, or access to services or apps – even with your closest friends.
    • Check Before You Download: Talk to parents before opening an email attachment or downloading software.
    • Think Before You Click: Do not click links in emails, text messages, or chat boxes from people you do not know. Be suspicious of links sent from people you know.
    • Block Bullies: Tell a trusted adult if another student in your online class is making you feel uncomfortable.
    • Be sure to keep your laptop or tablet close to you. Keep it in a safe place. Do not leave it unattended outside or in a public place.
    • Talk to your librarian, teacher or parent about where you can go for safe and accurate websites for research.
    • Use long and unique passwords/passphrases, do not re-use them, and create a different one for each account.
    • Use multi-factor authentication (MFA) whenever possible.

Cybersecurity Awareness – If You Connect It, Protect It

October is Cybersecurity Awareness Month. This year marks the 17th year of this initiative, co-led by the United States Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCSA). This month we will be feature tips & tricks for how you can be cybersecure.

The IoT (Internet of Things) consists of devices connected to the Internet that share data with other devices and systems via the Internet. According to an Internet of Things Report from Business Insider, in 2019 there were approximately 8 billion IoT devices, and this number is projected to explode to more than 41 billion by 2027. Attackers can spread malware via IoT devices connected to your home network, which may consist of computers, tablets, gaming and entertainment systems, digital cameras, smart appliances, smart doorbells and smart thermostats.

Though increased efficiency, reduced costs, and energy conservation are some of the benefits associated with these devices, there are also risks to privacy and security. The NCSA advises consumers to connect with caution and take steps to secure devices:

  • Before Purchasing a New Device, Do Your Homework: Check out consumer reviews, determine if there are any security/privacy concerns, and understand what security features the device has or lacks.
  • Replace Devices: If there are known vulnerabilities that cannot be resolved or vendor support has ceased, obtain a new device. This might be typical of devices more than 5 years old.
  • Always Change Default Logins and Passwords: Many IoT devices come with default passwords. Create long and unique passwords/passphrases, do not re-use them, and create a different one for each item. In addition, use multi-factor authentication (MFA) whenever possible.
  • Connect Only What You Need, and Isolate on a Separate Wi-Fi Network: This will prevent access to your primary devices, such as laptops and computers.
  • Configure Your Privacy and Security Settings: When activating a device, immediately configure the strongest possible settings. Most devices default to the least secure settings.
  • Disable Features You May Not Need: If there are features you will never need or use, disable them to protect your security and privacy.
  • Keep Software Up-to-Date: Immediately update software when a manufacturer issues an update. And set it to automatically update on its own if there is a setting that allows it. 
  • Think Strategically When Locating Devices: Be mindful of where you place listening devices and cameras when it comes to children’s rooms and areas where you have sensitive work or family discussions. You may want to designate parts of your home as “safe” spaces from IoT devices.

Intact Participating in 2020 TechAssure Virtual Summit

The TechAssure Virtual summit begins today through October 21, and Intact Technology is excited to participate in the event. This year’s summit is a completely immersive virtual event, where members can interact, network and exchange information. If you’re joining, be sure to catch-up with Intact Technology via:

  • Our virtual booth
  • Our downloadable Intact Technology presentation
  • The TechAssure Cyber Risk panel featuring Intact’s David Chavez

Even if you’re not participating in the TechAssure summit, we invite you to get to know our Intact Technology team a little better through this video>>