Tuesday March 31st, 2015

Consumer insecurity in today’s internet of things

The Internet of things” (IoT), have you ever heard of it? In the event you haven’t  – “The Internet of things” is a proposed development of the internet in which everyday items such as your kitchen appliances, wearable devices, cell phones and nearly anything else you can think of would be able to send and receive data through network connectivity. Sound familiar yet? Well it should, as there are few Americans of legal age who don’t network at least one of their personal and/or workplace electronics in one method or another. This networking offers us the luxury of accessibility, but it’s not free. Before we can network, we have to sign up.

Networks are a service and by signing up for that service you provide companies all over the world with data. A person’s demographics and psychographics are two keys to targeting ideal clients with a strong, focused message. The more data that a company has on it’s prospective and current customers the easier it will be for them to sell them on their goods and services, as well as, develop new ones. This exchange isn’t without benefit to the consumer obviously; targeted advertising provides customers with opportunity for special value. This isn’t a new practice, but thanks to the internet data has become a gigantic industry. Companies buying and selling of consumer data has become so commonplace that even the consumer became readily aware of it. That awareness has made them nervous.

People are becoming more knowledgeable about how companies exchange their data and it’s giving them pause in wanting to share it without a good reason. It seems you can’t do anything on a digital device anymore without a data request. Even recipe apps or mobile games want to know your name, email address, and have the ability to access your location.

Additionally, thanks to the massive amounts of media available today, we know that this data is not always secure. Sony, Target, J.P. Morgan Chase, Apple, Google, and many more have announced cyber attacks in 2014 that have lead to reports of compromised data. And as the internet of things grows without much in the order of standardized security practices, the data is only becoming more readily available to those who would use it for dishonest means. All of this tracking and news of unsecured personal information is leaving people feeling spied on and has made people start questioning, “Do I really want this?”

So what can a business do?
People want products and services, but don’t want to have their lives tracked and categorized. More importantly they want to know that the data they do give is secure and that a business isn’t going to SPAM them with endless notifications or emails. In this interest there are some best practices that companies should employ:

  1. Give People A Choice – No one likes being told they MUST do something. It’s important that companies give anyone who signs up for a service the choice to.

  2. Be Transparent – If you’re offering services or devices with network access it’s important to be as clear as possible about what kind of data you’re collecting, why you’re collecting it, and the duration of time you will retain it.

  3. Be Clear – Long gone are the days of 5,000 to 10,000 word terms of service. Short, understandable and clear will earn you more customers than legal babble.

  4. Advertising – To many, advertising is just as bad as SPAM. If possible, offer some level of control of how people can control what they’re viewing.

  5. User Access – In the event user’s are given access to a website or network, it’s best to make them provide a complex password. Have them include a combination of uppercase, lowercase, numbers and a special character such as !, #, @, or $. This will greatly increase the difficulty for someone to access their accounts and cause problems with their personal data.

Additionally, here are a few things that companies commonly don’t do, but should:

  1. Let Consumers Unsubscribe – Let recipients unsubscribe in digital marketing materials or at least one click away from them.
  2. Opt-out – When people opt-out follow-up and be sure to remove them from any customer/subscription lists after they unsubscribe.

  3. Let them know who you are, and where you’re from – There is nothing less trustworthy than a disembodied organization. Be sure to state immediately who you are, and a physical location in which they can visit.

  4. If you’re sending an advertisement, make it clear that it’s an advertisement – Too often people get confused by special offer advertisements that are misconstrued as something else. And confusion in advertising only leads to SPAM reports online.

  5. Be involved, even if you’re not – Many companies outsource their digital advertising, but often don’t keep in touch to monitor what their agency’s are doing. It’s a best practice to stay in touch and confirm that the agency at work is doing what’s best for the company.

Until data anonymization is the digital data standard, the simple steps listed above can go a long way in making customers feel safe in using online network services. If you have any thoughts or questions, we encourage you to leave them in the comments below.

Resources
Aggregated anonymized data
Is the Internet of Things IPv6 ready?
How worried should small businesses be regarding cyber security
W3C Standards of Privacy
Pew Research Center – Anonymity, Privacy, and Security Online
Truste.com – 45% of American’s Think Online Privacy is More Important than National Security
Cyber Attacks on US Companies in 2014

 

J.D. Cutter,

Senior Front-End Web Developer

Connect on Linkedin