FEATURE

How SMBs can address IoT security and privacy concerns.

IoT applications offer great benefits to businesses and their customers. However, they can also involve risks, particularly when it comes to security and privacy. These risks are often conceptualized in terms of large-scale initiatives, such as energy grids. But smaller connected devices are also at risk of being misused by bad actors. Consider, for example, a spa tub with unsecured temperature controls. 

IoT application developers have to keep risk in mind when they are designing and implementing their projects. Here are some best practices to help ensure that IoT applications are safe, secure, and effective.

Understand local regulations.

IoT applications that collect data from machines owned by individuals may fall under the domain of a growing number of laws that dictate how companies may use consumer data. For example, the European Union’s GDPR (General Data Protection Regulation) and related laws apply to many IoT applications. However, complying with regulations offers no guarantee of protection. For example, the California Consumer Privacy Act, which took effect at the beginning of this year, includes provisions for IoT applications that may not be comprehensive enough to ensure protection from attacks. Both sets of regulations apply not only to companies based in those regions but also to companies that collect data about consumers in those regions.

Use trusted components.

Many small businesses do not have the specialized expertise to ensure that their IoT hardware solutions can avoid the latest security vulnerabilities. This is but one of the reasons to consider using a tested third-party connectivity module. Particle develops one such offering on a managed subscription basis. The company regularly conducts security audits of its products in order to ensure that they stay a step ahead of hackers.

Encrypt sensitive data.

In individual transactions and particularly in aggregate, IoT applications can reveal information about a business that could be valuable to a competitor. But applications in fields such as healthcare, insurance, and education can often be tied back to sensitive data about people as well. Indeed, one of the major challenges of IoT applications can be moving across multiple secure databases and applications seamlessly and securely. Robust applications require dynamic and difficult-to-guess passwords that change often. That’s why it’s important to use a rapid application development environment like Claris FileMaker that allows encryption of such data.

Consider cellular technology.

For many IoT applications in which you may not have access to physical security, such as at a customer’s site, it’s long been tempting to leverage the local Wi-Fi network. While relying on such infrastructure can be cost-effective, the application is subject to the reliability of that network and can be vulnerable to negligence or rogue clients. Using cellular technology circumvents these risks. Today, many applications rely on 3G cellular technology, which is set to be phased out by several carriers in the next few years. 4G LTE technology is the next natural step and offers the broadest coverage. However, some deployments are waiting for 5G technology now entering the market in order to ensure the longest possible deployment time before the next major wireless network upgrade.