CompTIAWorld Spring 2018

Q & A

CompTIA: Should the same security precautions be taken with IoT devices as are taken with computers, networks and servers, or are there other considerations?

STANGER: A lot of these IoT devices tend to be, in a sense, dumber than the devices we’re used to. Our phones are a bit smarter because we can tell them what to do and turn them on and off. With a lot of devices, there’s not much of a user interface. It’s a piece of hardware that grabs processes and sends. But, that device is very, very good at collecting and sending data. So, you’ve got to be careful.

The first precaution is to ask, do you really want that thing in your life? I don’t want to have those things in my house because I’m not sure how secure they really are.

Second, if you connect it to your Wi-Fi, segment your network. Create an isolated network for your IoT devices that’s separate from the trusted network with your computer, phone, tablet and gaming systems.

Third, decide if you want to register your device. IoT devices send unstructured data, and they can do this with or without a registration. If you register the device in your name, it’s no longer unstructured data about an anonymous person; it’s data with your name attached to it. Companies are clever and will find ways to incentivize you to register. One day, I’m sure some form of service will be created by someone where you can register and manage all of your IoT devices. Until then though, it’s kind of wide open.

Lastly, consider what information you’re sharing and when. I’m not sure I need a bad guy knowing I’m out of town. Rather than sharing information about how mobile you are and that you’re traveling, consider reporting back after the fact, once you’re home again.

CompTIA: What about IoT and privacy?

STANGER: The companies that are collecting and crunching all of this new data need to make sure they’re secure. In Europe, there’s the General Data Protection Regulation (GDPR), which goes into effect in May 2018. GDPR and other similar laws levy huge penalties for those who aren’t prepared. Movements and executive orders around the world are also pushing privacy to the top of people’s minds. Privacy is perhaps the biggest concern when it comes to IoT. If companies don’t have their security in order first, then they’ll have no hope of being able to provide the privacy guarantees that individuals and governments want. You can, in a sense, have security without worrying about privacy. But if you want to ensure privacy, you’d better first have your security ducks in a row.

CompTIA: What types of cyberthreats are out there, and how can people protect themselves?

STANGER: Well, the fundamentals still apply. Don’t use the same password for all of your things – even though everybody does. If you use the same password for all of your pictures and Twitter and your bank account, the bad guys can wipe everything out. In some ways, it’s not quite fair to place so much importance on just one factor of authentication – the password – and the typical end-user. But right now, we still live in that world.

Use a strong password, following the guidelines given to you by the service you’re using. For example, on Facebook, follow their guidelines. On LinkedIn, follow theirs. Each company uses their own algorithms and platforms, so the recommendations may vary. If you can, use multifactor authentication – combining what you know, such as passwords, with what you have, such as a token like a text message sent to you from the service. Then there’s what-you-are type of authentication – biometrics, like the thumbprint on your smartphone. Try grabbing good password-vault software that allows you to securely store your passwords so you don’t have to create and remember so many different ones.

Here’s the biggie: Back your stuff up in a secure way – using a different password
