What to Expect in 2019

5.  More hacking through IoT devices

Why? More IoT devices are being manufactured and used every day, and they are overwhelmingly unsecured. Very few IoT devices are “smart” when it comes to having security controls built in. Numerous research reports show that most don’t have data security controls, and the rest don’t have enough. It is rare to find a device that doesn’t fail at protecting privacy. These all create substantially more pathways for hacking on an ongoing basis.

In the U.S. there are currently no IoT security laws in effect, and only one law that specifically governs IoT security: California TITLE 1.81.26. Security of Connected Devices, which goes into effect on January 1, 2020. I’m not aware of any specific IoT laws in other countries. There are generally no legal requirements established to ensure that IoT device vendors and creators engineer secure architectures for the growing numbers of IoT devices being placed into people’s homes and other personal spaces. I see Facebook’s Portal and I just shake my head … what a fun way to let the spies see all your in-home activities, possessions, etc. by using Shodan, and similar IoT discovery tools, to find all those unsecured IoT devices.

Two actions (of many necessary) to help prevent IoT privacy and security breaches:
  1. Check device settings often and set auto updates. Ensure security and privacy controls are still appropriately set on all the IoT devices and associated apps you use. It is common for system and application updates to change such settings, so don’t assume that the settings you established when you first started using a device or app are still the same. Compared to most folks, I don’t use that many devices (fewer than 10), and very few apps (fewer than 15). I set a quarterly reminder to check my security and privacy settings on them.
  2. Don’t use unsecured IoT devices. Read both the website privacy notices and the terms of use on the sites of vendors and manufacturers of IoT devices. If they don’t have a privacy notice, don’t use the device. If the privacy notice basically indicates that you don’t have any privacy when using the device, don’t use it. If the terms of use negate the promises made in the privacy notice (many do), don’t use the device. If the descriptions of privacy actions are vague, such as “we only share your data with trusted third parties,” don’t use the device. To motivate positive change, submit comments indicating that you expect to have strong security and privacy controls built into the IoT devices you use.


Have you considered these topics in your 2019 planning? Let us know! We welcome your constructive comments below.

Yes, I realize that each of these topics has much more involved than what I covered here. Of course, much, much more needs to be considered beyond the points made. But the purpose of this post is not to provide a class discussion, but to get readers thinking critically and seriously about these topics.

I’m planning more episodes of my Data Security & Privacy with the Privacy Professor podcast covering these topics throughout this year. Here are a few of my episodes to date that covered one or more of these five topics:

Please get in touch!

I look forward to covering the wide range of privacy issues that must be addressed by every business, and every individual, in the coming months within this blog feature!  If you have a topic to suggest, just let me know. I always appreciate knowing the topics that are at top of mind for our readers.

