Weekly IoT Worries: Insufficient Privacy Protections
Many connected devices, IoT, OT, BioMed, and other non-traditional endpoints use and store users’ personal information. This data can be stored directly on the devices themselves or within the greater ecosystem they belong to. The issue is that any improperly or insecurely stored or transmitted information can negatively impact the users’ privacy. Additionally, many manufacturers are known to package and sell any valuable data to the highest bidders to add to their income streams.
Just like with legacy endpoints, the protection of the data they process – whether that data be in transit or at rest – has a significant impact on the privacy and security of the user’s information it is using. These connected devices’ data collected, stored, and used should meet regulatory requirements, like GDPR or HIPAA. However, frequently these devices are not equipped with sufficient safety controls to ensure malicious actors cannot quickly obtain data. Many connected devices also collect data to send back to the manufacturer so they can then resell that data to advertisers.
Steps should be taken with each new device in the network to understand what data it is collecting and how that data will be stored, transmitted, and utilized.
To learn how IoTSecure can help go to iotsecure.io.