With connected devices being all the rage, the number of smart products in consumers’ lives continues to grow rapidly. Whether it’s a smart yoga mat for the fitness enthusiast, a smart bike helmet for the environmentally conscious commuter or a smart coffee mug that keeps your java hot on your desk if your meeting runs over by an hour, it’s clear that IoT devices will remain a must-have gift. This, coupled with multiple Cyber Monday deals on smart products, will continue to fuel the number of devices in circulation.
However, there’s a catch: The rapid growth of smart devices is resulting in many vulnerable items entering homes, expanding the potential attack surface for hackers. Manufacturers are focused on getting the latest and greatest smart devices into the market as quickly as possible, and as a result, security is often a hastily bolted-on afterthought. So it’s crucial that consumers are aware of the risks and take action so that their shiny new gift is not unwittingly rolling out the welcome mat to cybercriminals.
Default passwords are still far too common on smart devices. For example, 600,000 GPS trackers manufactured in China were recently found to have several vulnerabilities, including a default password of 123456. Even more concerning was the fact that these gadgets were designed to enable parents to track their children.
Regulation coming into effect in California in 2020 will ensure that manufacturers of these connected devices end the use of default passwords and password-free products. However, as the law only pertains to California, there is still the potential that devices could enter the rest of the U.S. market with default passwords, and we should expect many manufacturers to try to continue to circumvent the regulations.
Retailers need to help educate and inform consumers so that they are aware of the risks and the steps they need to take to protect themselves in our hyperconnected digital world. There are three core principles that consumers need to adopt:
- Immediately create a strong, unique password and ensure that it’s not compromised. Consumers need to do this before using or connecting a device. To provide perspective, data breaches over the years have leaked millions of user credentials that cybercriminals are continually looking to take advantage of. It’s critical that passwords are always strong, unique, and have not been compromised. Multiple free online tools can check that potential passwords have not been exposed in a breach. As most people don’t change passwords, it’s worth the extra effort to ensure that the password you have selected has not been compromised.
- Despite the convenience, reusing passwords across different accounts is never a good idea. For example, if a password was exposed in another breach, then by reusing this password you give cybercriminals a golden ticket to your digital identity. The Disney+ launch is a good example of this issue. Password reuse by consumers allowed bad actors to take over Disney+ accounts. Google recently identified that despite the warnings, 65% of people still reuse the same password for multiple or all accounts. Hackers rely on and continue to profit from this behavior. Another best practice is to use a password manager to help store strong passwords.
- Update the software before activating the new gift. This ensures that your device has the latest software and patches to help keep hackers out.
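
The first two principles above (a password that is strong, not reused and not already exposed in a breach) can be checked mechanically before a device password is set. The following is an added example, not code from this article or from any tool it mentions; the breached list is constructed sample data, and the function names, the 12-character minimum and the hash-prefix lookup design are assumptions.

```python
import hashlib

# Constructed sample data standing in for a breach corpus (not real leak data).
_SAMPLE_BREACHED = ["123456", "password", "qwerty123", "Summer2019!"]


def _sha1_hex(password):
    # SHA-1 is used here only as a lookup key, never as a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Bucket breached-password digests by their first 5 hex characters."""
    index = {}
    for pw in passwords:
        digest = _sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


RANGE_INDEX = build_range_index(_SAMPLE_BREACHED)


def is_compromised(candidate, index=RANGE_INDEX):
    """Hash-prefix lookup: with a remote checker only the 5-character prefix
    would leave the machine; the rest of the digest is compared locally."""
    digest = _sha1_hex(candidate)
    return digest[5:] in index.get(digest[:5], set())


def screen_password(candidate, passwords_in_use, min_length=12):
    """Return the reasons to reject a candidate; an empty list means it passes.

    passwords_in_use is a hypothetical list of the user's other passwords,
    e.g. as held in a password manager. min_length=12 is an assumed policy.
    """
    problems = []
    if len(candidate) < min_length:
        problems.append("too_short")
    if candidate in passwords_in_use:
        problems.append("reused")
    if is_compromised(candidate):
        problems.append("compromised")
    return problems


if __name__ == "__main__":
    for pw in ["123456", "Summer2019!", "correct-horse-battery-staple"]:
        print(pw, screen_password(pw, ["Summer2019!"]))
```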
Consumers can’t leave security on the shelf as they clamor to use their latest smart gift, as it could unwittingly give hackers the ultimate post-holiday windfall. Retailers need to help consumers understand the risks and to push back on manufacturers that try to circumvent security best practices.
Josh Horwitz is Chief Operating Officer at Enzoic. He is an enterprise software executive and entrepreneur with over 25 years’ experience. Horwitz was the founder of the cloud-based enterprise customer-marketing platform, Boulder Logic, whose clients included Microsoft, Siemens, Dell and CSC. Prior to founding his company, Horwitz held senior technology and sales positions with both startups and Fortune 500 companies, including IBM. He earned his MBA from Babson’s F.W. Olin Graduate School of Business and his BA from Washington University in St. Louis.