Data Privacy & Security Service
Issue 9
IoT (Continued)
What can be done now? Chief Information Officers must consider the multiple functions of the devices being brought into schools and begin to track them. There is an inherent risk to our teach- ers and schools that they may become vulnerable to cyber hacking or more simply through misconfiguration given the speed at which IoT is being deployed. Schools need to be made aware of the potential risks, to understand classes of Internet- connected devices, as well as the capabilities and incorporated risks across those de- vices. What’s more, schools need to develop a centralized approach to track what devices are used, version numbers, and how they are configured. This will allow them to audit what they have and what they are bringing into their networks, and to quick- ly respond to a device that develops a vulnerability. Existing devices in schools, and those being brought into schools must be evaluated using a checklist. Each item should be as- sessed for factors that include, but not be limited to: Additional Resources 1. New report says tech companies spy on students in school 2. What is the Internet of Things (IoT)? 3. Internet of Things: Where Does the Data Go? 4. FTC: Vizio smart TVs spied on what viewers watched Third party apps Once the risk scale is determined, devices can be measured and school leaders can base decisions on the scale’s parameters. Auditing a school’s inventory for a device’s capabilities is now at the forefront of protecting a student’s privacy. Schools should know which devices have recording capabilities and which send and receive data; it must be known if the iPad the second grad- er is using for a reading assessment has a “live mic” or if applications are sending user data outside the school’s network. It is with this type of compliance checklist that schools can better define what privacy controls need to be in place and which devic- es are too precarious. Recommendations: Build a checklist to track the functionality of Internet connected devices Measure all devices against the checklist to assess risk factors Proactively turn on privacy controls Inform educators and staff about the functionality of the devices they are using and warn them about potential exposure if the access point is left vulnerable. Wired/wireless Internet Data storage being local or in a cloud Camera Microphone, voice command software
IoT and Privacy
Is your IoT Device Putting you at Risk?
The National Law Review posted a brief online article indicating that 96% of IT pros surveyed stated that they “expect to see an increase in security attacks on IoT.” The study says that although connected devices are convenient, they lack security.
Embracing the Internet of Things Doesn’t Necessarily Mean Forfeiting Privacy Security is a concern in the world of the IoT. However, the answer may be in a blockchain. Amit Sharma, Vice President of Tech Mahindra, believes the cryptographic algorithm will be available soon when Generation Z is more equipped and ready for it. A blockchain allows secure online transactions. It is a decentralized and distributed digital ledger that records transactions across many computers in such a way that transactions cannot be backdated. Click here.
3
Made with FlippingBook flipbook maker