Let’s Get Physical: Securing Data in Connected Homes, Cars & Everywhere Else

Written by

It’s much easier to retrieve data from an individual gadget or device than it is to hack into a major vendor’s network, and nearly every smart product is set up to automatically and routinely to record and store customer data locally.

If we look at the connected home, it immediately becomes apparent why the ability to properly and securely erase all personal data is so important. According to recent Census data, the average American moves to a new home 11.4 times over the course of their lifetime.

When you look at connected household products like smart refrigerators and thermostats, they have a much longer lifecycle than the average period of time a person stays in one residence. That’s why protecting the enormous amounts of data transmitted through digital devices to these gadgets is vital.

Consider this: As a home owner or renter, it’s an added benefit to be able to control the temperature within your home and automatically adjust and personalize the settings based on who is inside the house at that very moment and do this all straight from your smartphone – even if you’re on-the-go. But what happens once your 12-month apartment lease has ended or you’ve sold your home? That added functionality ceases to be useful and if the data hasn’t been properly and completely removed from the thermostat, it could be relatively easy for a cyber-criminal to potentially access and steal it.

Even relatively mundane metadata related to when you arrived home each evening could be used over time to extrapolate behavioral patterns and trends. So in a worst-case scenario, a criminal could leverage that personal information for nefarious purposes, such as identity fraud or theft.

Let’s not forget about the buoyant sharing economy that’s seeing the likes of Uber and Aribnb gaining in popularity around the world. These shared service providers simplify the entire user experience and automate it in such a way that users’ credit cards are linked directly to the apps.

This strategy has clearly been paying off – investment bank Piper Jaffray says Airbnb enabled about 40 million room nights in 2014 and estimates that it could reach 1.5 million listings in 2015 – up from the one million listings it had in mid-2014. But something is still missing from this business model and could jeopardize their user adoption and growth rates drastically.

These shared service providers – and other businesses – should have a built-in security feature that completely and permanently erases all personal information – including names, phone numbers, addresses and credit card numbers – when users stop using them. Users should then receive a verification report within their accounts confirming all of their personal information has been properly and completely removed.

To customers, this would offer the dual benefits of an improved customer experience and an absolute guarantee that their personal information and sensitive data won’t be compromised. It then becomes a point of differentiation for these already-successful businesses and could catapult them to the next level and help them cement customer loyalty, boost adoption and grow sales consistently. Given the Identity Theft Resource Center (ITRC) reports a total 577 data breaches were recorded thus far in 2015 (through September 29, 2015) and more than 155 million records have been exposed, I’d say making this change could have a huge impact on Airbnb, Uber and other businesses.

The truth is that many manufacturers have prioritized ease-of-use, cross-channel functionality and customer experience optimization when developing and launching new products in the market: and rightfully so. After all, we live in a world where consumers don’t just want the most personalized, relevant customer experiences from businesses, they demand it and will go to a competitor if a business fails to deliver.

Now this is where a small, but very important, change needs to occur. Rather than separating product development and data security into two separate categories, both need to be equally involved at all stages of product development. It only takes one mishap where an individual’s data is leaked – be it accidental or an intentional cyber-attack – for consumer trust in the entire IoT market to be eroded.

If manufacturers want to build IoT features and capabilities into their products and generate a consistent stream of revenue and boost customer loyalty, they need to automate the proper and complete removal of data into product design from the start.

Making this a reality is perfectly achievable, but it requires changes to the way products have traditionally been developed and supported. One of the first things I’d like to see happen is that IT and data science teams are invited to the same table as product developers, UX/UI designers and engineers at the earliest stage so that when a product is even in the conceptualization stage, data protection is being considered and integrated directly into it.

As a society, we also need to invest more time, resources and money into educating consumers and businesses on the responsible use, patching and disposal of internet-enabled gadgets and devices. This education needs to start from an early age in the same way that children are taught to avoid dangerous individuals and crime. Only when these changes happen will manufacturers be able to scale their products and businesses for long-term growth and success.

What’s hot on Infosecurity Magazine?