
How to handle security fatigue in IoT

As our lives continue to become more virtual, people have become inundated with messages to constantly keep up with securing their cyber-profiles, from changing passwords regularly and never using the same one twice, to setting up multiple-step verification for online accounts. However, because of the constant reminders — and the nearly daily reports of new hacks and breaches — most people have become overwhelmed trying to keep up with their online security and fallen into complacency, or “security fatigue” if you will, preferring to deal with a security problem once it arises rather than protecting themselves proactively.

With hackers becoming savvier by the day and new IoT platforms arising every second, users can’t afford to wait until a breach occurs to think about their online safety. Information can be stolen in seconds, and hackers can hold onto information for years before using it — just look at the 2012 LinkedIn hack that resurfaced a few months ago.

But users can’t protect themselves on their own. According to Dashlane, an inbox auditing tool, the average American has 130 online accounts registered to a single email address, meaning (in an ideal world of IT security) 130 separate passwords, all changed regularly and never reused. That’s simply too many devices, too many accounts and too many passwords to keep track of. So what can be done to help users maintain their online security and prevent security fatigue? Manufacturers and providers of internet-connected devices and online platforms must take some of the onus on themselves to ensure the products they are providing are secure, especially when it comes to products that have become essential to everyday life. This will mean adopting more proactive security practices from the get-go.

Commit to better monitoring

Many companies adopt a “sell it and forget it” mentality, meaning once they’ve sold a product to their user, cyber-support is virtually nonexistent, especially in the case of lower-end products like baby monitors and cameras, many of which have only recently adopted internet capabilities. But as the recent DDoS attack that took out major websites across North America by accessing internet-connected surveillance cameras showed, it’s clear that this mentality does not work. Instead, manufacturers must commit to providing monitoring and support throughout the duration of the product’s life, delivering product updates and providing real-time support in the event of a cyber-issue.

Implement secure practices from development stage

As more and more products are connected to the internet, companies that have never had to deal with developing lines of code are finding themselves hiring developers or outsourcing their platform to agencies to be built. To ensure they deliver the best product, manufacturers must educate themselves on the most up-to-date secure development practices and implement them within their newly minted development departments (or be sure the agency they are working with is using them). The same goes for experienced teams — manufacturers must ensure that their developers are utilizing secure practices from the development stage.

Operate transparently

Most importantly, companies must commit to operating transparently. In a world where cyberattacks happen nearly every day, consumers are able to forgive a company that is hacked, as long as it handles the incident well. For this to happen, transparency is key. Users should be informed of any sort of breach as soon as the organization is made aware of it, and be provided with as much information as possible as to what kind of information may have been compromised. Further, support should be provided to users with questions and concerns about their online safety.

While users still need to be responsible for themselves in the online world, with the number of internet-connected devices increasing by the second and security fatigue taking hold, manufacturers and providers need to take responsibility for their products, committing to creating more inherently secure devices, offering security support for them throughout the entire product lifecycle, and operating transparently.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.