12 Tips to Convince Users Their IoT System Is Secure

What engineers can learn from fraud prevention tips for the Internet of Things

Designing IoT products and services with security as a priority will go a long way towards building consumer confidence in your products. (Image courtesy of Experian.)

Designing IoT products and services with security as a priority will go a long way towards building consumer confidence in your products. (Image courtesy of Experian.)

“The Internet of Things is only as strong as its weakest link,” cautions Adam Fingersh of Experian, a global information services company.

Fingersh is a senior vice president in charge of Experian’s fraud and identity business, and he believes the growing number of Internet of Things (IoT) devices is a double-edged sword.

“Opening products and services to the Internet dramatically increases the opportunities for cybercriminals, who can hack those products to get into your broader systems,” Fingersh said.

With this in mind, Experian recently offered a list of 12 security tips for both consumers and businesses using IoT devices and services. For IoT engineers, however, this list provides valuable insight into design criteria for IoT applications that appeal to the security-conscious user.

Tips for Consumers From Experian

1.      “Ensure that the products and services being purchased and connected are from reputable companies.”

There’s no shortcut for this tip. Consistently offering secure and well-designed IoT solutions will solidify your company’s reputation to end users.

If your company is just starting out, perhaps look into a partnership or sponsorship from a company with a good reputation. This can help to add some credibility to your brand.

2.      “Ensure that the providers of these products and services have clear privacy and data-usage policies.”

Many consumers are wary of what your company will do with their personal data. Put their minds at ease with clear and accessible privacy policies. Also remember that people are sick of user agreements longer than an encyclopedia. Keep your policies simple.

3.      “Be aware that data from any smart device may make its way to third parties for a variety of purposes and that there are not always standard policies across providers.”

Again, be straightforward with users about whom their data is being shared with. Most consumers are willing to part with their personal data, but being transparent and honest will go a long way towards building your reputation as reliable.

4.      “Make sure that any access to these systems is always closely guarded.”

A recent consumer survey shows 92% of respondents are worried about cybercriminals accessing their personal data. IoT engineers can help put consumers at ease by designing easy yet robust methods for guarding their information.

However, the same survey reveals 75% of consumers are anxious about the number of passwords they’ll need to remember as IoT devices become more common in their homes. Consider giving users other security options such as fingerprints, voice recognition, and retinal scans.

5.      “Be aware of the applications installed on devices and download applications only from reputable providers, such as the iTunes App Store or Google Play, rather than gray-market app platforms. Also, only download apps created by trusted entities.”

Once more, consumers will look to your company’s reputation when downloading your applications. By offering apps through a trustworthy platform, consumers will feel more comfortable using your products. Perhaps it is also best to limit the apps usable on your device to those on app stores.

Tips for Businesses From Experian

6.      “Access to systems should require more than just credentials. Leverage cyber intelligence and complex device-recognition solutions to prevent unauthorized access.”

According to a recent statistic by mobile network security firm AdaptiveMobile, up to 80% of IoT devices are lacking in security measures. By designing IoT solutions with strong security solutions already built in, businesses will see that you care about what happens to their data and will be more open to purchase your products.

7.      “Designate who has access to systems and clarify why they need it. It is also important to understand the normal behavior of who is logging into these systems, so that when anomalies occur, immediate preventative action can be taken.”

Considering what measures your business customers will take to protect their own data allows you to design your IoT solutions to directly meet their needs.  

8.      “Clearly outline roles and responsibilities in terms of access monitoring. This can be segmented by factors such as channel or line of business.”

Again, thinking ahead to the user’s own security precautions will make your products more appealing to customers. Make sure administrators can define the roles of each user using the connected devices.

9.      “Share intelligence across the consumer and enterprise side of your business.”

At the end of the day, the data collected on the IoT must be easy to use and accessible to your partners. Making the system secure is one thing. Making that security and other user interfaces clunky is another. Simplify how to share and access data without compromising security.

10.  “Partner with providers that have been successfully solving the account takeover problem. The concerns and vulnerabilities of Account Takeover problems in the digital realm using fit-for-purpose technologies are similar to the concerns and vulnerabilities in the Internet of Things world.”

The Account Takeover problem is poised to incur losses up to $8 billion by 2018. Keep your company on the cutting edge of account takeover solutions to keep consumers confident in your ability to protect their data.

11.  “Apply robust privacy policies and practices. Doing so will ensure that the data being collected is actually required for the services offered and that data-collection practices are easily understood by the consumer.”

As stated above, this tip can be directly applied to IoT companies looking to develop consumer trust in their products. With the wealth of IoT data being generated, ensure the data you collect is relevant for your services.

12.  “Treat any collected data as highly sensitive information. It is important to note that even seemingly uninteresting data can be used by fraudsters to build robust and accurate stolen identities, which can be used for online impersonation, social engineering, phishing attacks and more.”

With all data, even meta-data, being potentially vulnerable, ensure your IoT applications don’t discriminate. It is important to protect all user data to ensure full and comprehensive security for your customers.

For more about improving IoT security, read 3 Software and Hardware Tools to Help Secure Your IoT Designs.

Written by

Michael Alba

Michael is a senior editor at engineering.com. He covers computer hardware, design software, electronics, and more. Michael holds a degree in Engineering Physics from the University of Alberta.