Procurement 10 March 2016

15 considerations to have better data and device protection in the age of the Internet of Things

Micro firms should make the right preparations for the Internet of Things

According to recent research from IT firm Gartner, 6.4bn devices will be connected to the internet in 2016, up 30 per cent from 2015. Outreach manager at digital marketing agency Further, Lee Carnihan, talked to Business Advice about what the Internet of Things means for micro businesses and how to make the right preparations.

The opportunity and risks are in many ways the same as for larger companies. More connected devices mean more data. More data can help you identify operational efficiencies as well as sales and service opportunities.

For micro businesses without wide margins or a reliable sales pipeline, even the slightest saving or smallest sale might mean the difference between surviving, sinking or growing.

For example, a local coffee shop with only two employees could be using PayPal, a tablet and a card reader to take payment: no till required, no paper trail to file. If the coffee machine is WiFi-enabled too, stock control can be made more efficient, for example by contacting the wholesaler’s systems to replenish stock automatically.

If the lights and thermostat are connected too, they can be turned on, off, raised or lowered, either automatically or remotely from a smartphone. Owners and employees can be left free to invest their precious time and energy on sales and service – where revenue comes from.

Customers are increasingly connected and expect to be able to pay using “contactless” mobile applications like Apple Pay or Paym. Even a market stall or artisan trader can offer these options; they don’t demand a huge investment. But if they aren’t aware of these trends or technologies in the first place, a chance to make savings and sales will be missed.

You don’t have to connect any and every device

Even if there is a rapidly advancing trend to connect all manner of devices to the internet, this shouldn’t lead you astray. Connecting the lights, thermostat or a coffee machine doesn’t automatically mean it will generate useful information, sales or savings. Treat each device on a case-by-case basis and ask yourself these five strategic questions before connecting it to the internet:

(1) Will the device collect data, or perform a task for me, that will benefit my business?

(2) How will this device and data affect my bottom line? And will the gains outweigh the costs and risks?

(3) How will the device be connected and managed? Is this something I can do or do I need to call in an expert, and if so, what will the risks and costs be?

(4) Who will have access to the data and device, for what purpose and under which conditions?

(5) How will connecting this device impact productivity, information security and working culture?

These questions apply whether you’re a micro or multinational. It’s essential to understand the opportunity and costs as part of making a good decision. Understanding the risks is critical too. The potential influx of new data from each connected device could help you build up a better picture of your business, but it might also increase the complexity of managing your business.

Protecting the business from personal devices

Working from home and using personal phones, laptops and tablets might be the only way for a business to get off the ground and stay afloat in the early years. But while using personal devices for work might be a great launch pad and cost saver, it’s not risk free.

If there’s a virus on your smartphone it might spread to your laptop, especially if the two are tethered or you’re accessing the same applications like email. Similarly, if a cybercriminal hacks into your personal phone and acquires your login details, they might use them to gain access to your business accounts and data.

If you’re a pop-up business or a consultant delivering advice on a customer’s site, whose WiFi are you using? Connecting a device is only half the story; keeping it and your data secure is the other half.

Senior security evangelist for security solutions provider AVG Business Tony Anscombe explained: “Cyber criminals are constantly probing hardware and looking for flaws in software to exploit. They’re scanning the airwaves and harvesting passwords and other personal identity data from wherever they can.”

Light switches and thermostats might even be a risk

Anscombe went on to say: “WiFi-enabled thermostats and lights might be convenient, but these devices also have the potential to give up your WiFi password to a hacker. The importance of using strong passwords should not be under-estimated at any costs. Last year’s worst and weakest passwords were still “123456” and “password”. That’s equivalent to leaving the keys in the car and leaving the door open.”

Protecting data and devices in a changing world

Connecting a device to the internet – especially one which isn’t yet considered to be an obvious or normal part of your IT set-up – can bring you more insight, efficiencies and sales. But if security isn’t built into your decision-making process from the start, you might unknowingly expose your business to hackers and malware.

Part of the right approach to IT security is asking the right questions before you connect anything. Here are ten to get you started, and even if you don’t know the answers, you can put them to the vendor or manufacturer of the device:

(1) How will this device affect the business’ security perimeter? Will it open up a new “attack vector” (point of entry) for a hacker to exploit, for instance?

(2) How will this device be maintained and kept up to date with the latest security and software patches?

(3) Does this device need to be physically secured and how?

(4) How will it communicate and integrate with other devices or systems inside an IT network?

(5) Will it communicate with devices or systems outside a network, for example via a router or WiFi hotspot, and if so, is the appropriate level of “gateway” security in place?

(6) Will this device follow the “law of least data”? If data is being shared via or stored in the cloud, is this strictly necessary? Could it be stored locally or shared directly between devices or other systems?

(7) Is the device built and supported by an established and well-supported brand or a “rookie” entrant to the market?

(8) Who will be using this device and data, to what extent, and how might their identity be stolen, or their access privileges captured, and used to gain illegitimate access?

(9) Take a leaf out of GCHQ’s book and review the British intelligence service’s Ten Steps to Cyber Security.

(10) And finally, if a new device is going to be connected, remember to use a strong password.
