Is There A Price For Privacy?
When you think of your home environment, do you view it as your sanctuary — the place where you feel the most secure and private? A handful of years ago, I would have expected most people to answer that question with a resounding yes. At that time, the heightened focus on the internet of things (IoT) was not what it is today, at least not on the home front. But with the steady rise of Wi-Fi-connected baby monitors, home security systems and smart everything (lights, locks, sound systems and more), our home and office environments have dramatically changed.
Today, everything is connected. But to what end? Where do we need to draw the line as consumers of technology?
Working in identity management and helping corporations secure their users’ digital identities, I am maybe over-sensitized to how data can be breached, leaked and exploited by malicious actors. In my daily work, we try to provide governance within the enterprise in which software bots have access to different categories of data, which makes me reflect on the devices we use at home that have access to our personal data.
A Fundamental Shift
A connected home is meant to provide a new level of convenience and, in certain instances, an added layer of security. However, it seems a week does not go by without news of another smart device that has been breached. An example that hits very close to home for me as a mother is the impact that a hacked Wi-Fi-enabled baby monitor can have on one of the most precious areas of the home: the nursery.
A rash of incidents was reported at the end of 2018 when several Nest devices were targeted by hackers as a means of gaining entrance to the home. It’s a terrifying thought to consider that a complete stranger could make contact with you or your little ones from your Nest device, and it is even more terrifying to think that they could have the means or visibility to eventually break into your home.
Then, there are the cybersecurity implications. We need to consider that smart devices are not only connected to our home or other devices, but they also contain sensitive data, including payment card information, passwords and the like. Hacking personal information through such devices is a clear concern that can go beyond an initial impact on the household, particularly if those devices have login credentials that are shared across various user accounts, personal and corporate.
The domino effect of shared login credentials across accounts has been a major topic in the headlines lately, and we saw credential stuffing make major waves during the MEGA breach at the beginning of January. With one breached account, hackers could expose multiple user accounts if the username and password had been replicated. This is why we urge our own employees and customers to adhere to good password hygiene. For example, keep your passwords long and complex — and avoid repeating those passwords across your various user accounts.
Privacy: Fact Or Fiction
The impact the smart home has had on security is obvious, but its larger impact may be on our privacy. It begs the question of whether or not privacy will exist in a connected world.
Another interesting example is the recent Amazon Ring break-out story, where a research and engineering team was given unfettered access to a cloud folder housing every single video ever created by Ring cameras around the world. In addition, some Amazon Ring executives and engineers were given similar access to live feeds of Ring users.
The question is, do we agree to forfeit our privacy when we purchase a smart device? Amazon Ring is not the only device that could encounter such a breach. In fact, as a consumer, the second you allow a connected device into your home, you have to assume a certain loss of privacy. Personally, I am not OK with it. The risk is not worth the convenience of these devices.
Is Nothing Sacred Anymore?
We are in the midst of a major paradigm shift as consumers, in which the threshold for today’s modern connected home remains undefined. Many consumers do not consider the impact that turning on a Google Home device or allowing Alexa to be your digital assistant can have from a privacy and security standpoint.
In my last visit to a friend’s home in Silicon Valley, she demonstrated to me the wonders of using Alexa for everything from homework help to just calling the kids to come down for dinner. That same friend worked alongside me for several years in a major cybersecurity company. All that acute awareness and cybersecurity education did not make her stop and think about the possible consequences of living her life in front of always-connected devices.
This is a real-world reminder that all of us, cybersecurity experts or not, should exercise caution when purchasing connected devices, whether for home or office use. It’s important to not display — verbally or visually — any personal or corporate sensitive data when in presence of any connected IoT device. We should also consider that the same devices that make our lives easier could also be used by a deceptive third party to rob us of our privacy.
Ultimately, have we reached the point where our security is no longer more important than efficiency? Or do we simply not care enough to consider the implications? Time will tell, but in my view, there is plenty of technology in my work life that heightens my productivity. I will choose privacy over convenience, especially at home. To me, that is far more sacred.
This post was originally posted on Forbes.