IoT devices are a huge cyber-security risk, and that is mostly because security of these devices is “bolted on as an afterthought”, rather than being embedded in the design process.
This is according to the latest news release from National Cyber Security Centre. With this in mind, it is kicking off the Government’s Security by Design review, developed together with manufacturers and retailers. The review aims to make sure IoT devices stay secure for the lifetime of the product.
This review will outline practical steps manufacturers, service providers and developers should stick to, to make sure their devices stay safe:
· All passwords on new devices and products are unique and not resettable to a factory default, such as 'admin';
· They have a vulnerability policy and public point of contact so security researchers and others can report issues immediately and they are quickly acted upon;
· Sensitive data which is transmitted over apps or products is encrypted;
· Software is automatically updated and there is clear guidance on updates to customers;
· It is easy for consumers to delete personal data on devices and products;
· Installation and maintenance of devices is easy.
“We want everyone to benefit from the huge potential of internet-connected devices and it is important they are safe and have a positive impact on people’s lives,” said Margot James, Minister for Digital and the Creative Industries. “We have worked alongside industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed. This will help ensure that we have the right rules and frameworks in place to protect individuals and that the UK continues to be a world-leading, innovation-friendly digital economy.”
Image source: Shutterstock/everything possible