An army memo has laid out mandatory procedures remote workers must follow to mitigate leaks of official government information. They apply to all military components, civilian employees and contractors. The memo states that the remote work environment for all approved teleworkers must free of internet-of-things devices. This covers more than 70 types of devices, from Bluetooth speakers, fitness trackers, smart kitchen appliances, TVs and gaming consoles and home security systems. The memo makes particular mention of personal home assistants.
Where possible, teleworkers must remove all loT devices with automated listening functions, such as smart TVs and smart speakers from their workspaces. Additionally, they should turn off personal smartphones or tablets in their work area or disable the audio access function, such as voice to text and automated assistants.
Personal home assistants capture and record good or bad conversations and activities within a home. Powered-on digital assistants can be listening and recording conversations, and even accidentally recorded background chatter can include audio or images of critical unclassified information, personally identifiable information or Defense Department mission and operational data.
IoT-collected data from smart devices pose security and privacy risks. Law enforcement can access it for investigations, as can marketers for promotions. The service providers’ data can be hacked, and foreign intelligence services use connected devices to collect information for espionage.
Teleworkers should be aware that these connected devices are less secure than conventional IT equipment. They often use default user names and passwords, and their connected nature offers adversaries a large attack surface.
Risks are not limited to remote workers. Teleworkers’ connection to Department of Defence (DoD) networks may affect the security posture of DoD information systems and alter the information system’s risk assessment that may then require the allocation of additional security controls or the introduction of compensating controls to reduce risk to acceptable levels.
At a time when the majority of the workforce is remotely teleworking, loT devices are an area of concern because it is likely that teleworkers use their personal devices, while connected to DoD’s networks for official business conversations, in the vicinity of a smart device or application. For these reasons, teleworkers must incorporate strong cyber hygiene practices in their daily telework routine.
According to a paper, IoT brought users huge benefits, however, some challenges come along with it. Privacy and security are among the significant challenges of IoT. Improper device updates, lack of efficient and robust security protocols, user unawareness, and famous active device monitoring are among the challenges that IoT is facing. IoT’s vulnerability is simply because the interconnectivity of networks in the IoT brings along accessibility from anonymous and untrusted Internet requiring novel security solutions.
Of all the challenges that are known, none of them has a more significant influence on IoT adaptation, such as security and privacy. Unfortunately, the users do not often have the required acknowledgement of the security impacts until the time when a breach has occurred, causing massive damages such as loss of crucial data.
With the ongoing security breaches which have compromised the privacy of users, the appetite of the consumers for poor security is now declining. In a recent review conducted regarding privacy and security, consumer-grade IoT did not do well. There were a lot of vulnerabilities in modern automotive systems.
The IoT is diverse from traditional computers and computing devices, makes it more vulnerable to security challenges in different ways:
- Many devices in the Internet of Things are designed for deployment on a massive scale. An excellent example of this is sensors.
- Usually, the deployment of IoT comprises a set of alike or nearly identical appliances that bear similar characteristics. This similarity amplifies the magnitude of any vulnerability in the security that may significantly affect many of them.
- Similarly, many institutions have come up with guides for risk assessment conduction. This step means that the probable number of links interconnected between the IoT devices is unprecedented. It is also clear that many of these devices can establish connections and communicate with other devices automatically in an irregular way. These call for consideration of the accessible tools, techniques, and tactics which are related to the security of IoT.