Experian is offering advice for both businesses and individuals to help them improve security and manage the risks that come with using internet-enabled products, also known as the Internet of Things (IoT).
Connected devices, such as smart phones or tablets, are no longer the only things with an internet connection. There is now a large number of other consumer products, including cars, heart monitors, and clothing, also linked to the internet.
Many of these products have weak security and controls, which creates points of weakness in their users’ private networks, systems and data.
Nick Mothershaw, fraud and identity expert from Experian, said: “All these connected products collect a lot of personal data about people. This data is shared with other devices and held in databases by companies. As the internet of things continues to grow, and it is doing so rapidly, the amount and the importance of this data will also grow. It will start to attract more attention from cybercriminals. The more products and services there are with a connection to the internet, the more routes through which fraud can be committed are opened up. If there are areas of weakness, then cybercriminals will find and exploit them. There are some key things that people can do to help protect themselves without losing the opportunities that IoT can bring.”
Tips for individuals
· Make sure that the products and services you are buying and connecting to are from reputable companies.
· Ensure that the providers of those products and services have clear privacy and data usage policies.
· When setting up the products, ensure that passwords and keys are changed from the factory settings.
· Before connecting to any wireless network, make sure it is secured.
· Be aware of how providers use data from your smart device and check their policies to see if it could end up in the hands of third parties.
· Any access to systems connected to your smart device should always be closely guarded.
· When downloading apps for your device make sure it is only from reputable platforms, such as Google Play or the iTunes Appstore. Apps that are downloaded should also be only created by trusted entities, check customer reviews as a way of making sure.
In addition to the people who are enjoying the benefits of online access to multiple devices, businesses also need to be wary. Experian encourages businesses to work with the mindset that any product poses a significant potential for threat. The below tips were created for businesses to use as a guideline.
Tips for business
· Understand who has access to systems and clarify why they need it. It is also important to understand the normal accessbehaviour of those logging into these systems, so that when anomalies occur, immediate preventative action can be taken.
· Clearly outline roles and responsibilities in terms of access monitoring. This can be segmented by factors such as channel or line of business.
· Share intelligence across the consumer and enterprise side of your business. Many businesses have strong authentication requirements for their customers, but most data breach activity happens as the result of employee credentials being compromised and used to gain access.
· Businesses should also apply robust privacy policies and practices. Doing so will ensure that the data they are collecting is actually required for the services they offer, and that the data collection practices are easily understood by their customers.
· Any data that is collected must be treated as highly sensitive information. It is important to note that even seemingly uninteresting data can be used by fraudsters to build robust and accurate stolen identities, which can be used for online impersonation, social engineering, phishing attacks and more.