With high-profile data breaches all over the news, cybersecurity is on everyone’s mind. But beyond educating staff and users alike on best practices, what can Internet of Things companies do to improve their data security practices as they rush to ship products out the door?
To find out, I asked 10 entrepreneurs from YEC the following:
What’s one way an IoT company can ensure data security with their newest product?
Assign clear roles and responsibilities
Make sure that your employees who are entrusted with the security of your product understand their job roles and responsibilities. When employees don’t have clear direction or clear responsibilities, things start to fall through the cracks and holes develop. When it comes to security, it’s imperative that these holes do not exist. It is your responsibility to give your employees precise instructions and training in order for the company to reach your security goals. You should be sitting down with each team member periodically in order to assess their work and their responsibilities. Periodic assessments can help your company remain proactive instead of reactive and keep your security in place. – Phil Laboon, Eyeflow Internet Marketing
Delete and anonymize data
As a founder of an IoT company, I believe that one of the best ways to avoid breaches in security is to avoid them altogether by only saving the data you need and anonymizing it as much as possible. We have prevented issues by not even saving some of the same data that others keep. For example, you don’t need to worry about a user’s Wi-Fi password if you don’t even save it. If you do, certainly don’t keep it in plain-text. For the data you need to keep for the purpose of making your product better, anonymize the data so it cannot be tied back to a customer. Of course, use best practices every chance you get. Use encryption, multi-factor authentications and use only the best hosting environments. It also helps to create and manage your own servers instead of using a third party. – Andrew Thomas, SkyBell Doorbell
Hire a hacker
If you want your product to be as secure as possible, hire someone with all the skills to break into it and work with them to protect it from what they can do. There are still many gaps in data security that even the best protocols and standard security practices won’t protect against, especially if you don’t even know what they are. By working with a white-hat hacker and paying them to try to breach security, you’ll understand where all of the weak points of your new product are and be able to protect them. – Dave Nevogt, Hubstaff.com
Create a standardized and convenient way to update security
An IoT company should create a standardized way that’s convenient for their customers to update the security in their IoT device. There needs to be a uniform delivery system and an easy-to-access and easy-to-install option for all security updates. This can be particularly challenging when you have thousands of devices in the hands of end users. – Nicole Munoz, Start Ranking Now
Influence user behavior to strengthen security
IoT devices, particularly speech interactive ones, have a great capacity to influence user behavior. They will come to know us better than our mothers, and we’ll trust AI recommendations for restaurants, apparel and cars because we’ll know that it has our tastes and best interests at heart (via algorithm). So, IoT devices have the authority to cajole us into updating our passwords, changing our privacy settings, and employing other hack-prevention techniques. Integrate these functions to deploy periodically on the AI and consumers will secure the most commonly breached barrier — the ones users build for themselves. – Manpreet Singh, TalkLocal
Educate users and staff on best security practices
IoT has become increasingly more popular, but as it grows so do the security risks. Educating users and staff on the best security practices, such as frequent password changes, will help minimize security risks and get everyone on the front lines. Having a team of IT specialists do the rest of the heavy lifting, in terms of in-depth security, will also be beneficial. This way everyone is playing a part in keeping the data secure. – Shalyn Dever, Chatter Buzz
Encrypt data and certify devices
IoT product manufactures struggle with regulating and standardizing communication protocols. The transfer of information and data is simplified to ensure communication across multiple devices that are running different software, which was built from various manufacturers. While this has increased the cross-product compatibility of IoT devices, is has left products vulnerable to data security risks. By encrypting the data, it can be protected as it transfers over the Internet. Requiring authentication by using device ID certification will add another layer of data protection as the devices communicate. Lastly, using digital certificates in firmware and software as well as SSL certificates for communication will strengthen the level of security. – Nick Chasinov, Teknicks
IoT companies are often quick to ship a product without thinking about the future. If they spent a bit more time planning for future upgrades to be released they could solve the security problems that are uncovered later. The most important step to ensuring upgradability is to ship open source software with the hardware to provide customers an upgrade path for their hardware long after the vendor stops providing support. – Lane Campbell, Creately
Make security a core concern
The IoT is exploding because it’s a relatively cheap market to get into. The components for building connected devices are inexpensive. Unfortunately, many of these companies under-invest where security is concerned — security is an afterthought, if it’s thought of at all. An IoT company that makes security central to product design already has an advantage over most early movers in the space. – Vik Patel, Future Hosting
Monitor data diligently
With security data constantly being breached, having the proper protection in place isn’t enough. Your company should dedicate a team to monitor data security around the clock in order to keep your information and clients’ information safe. There is also data-leakage prevention software out there that looks for specific information coming out of your internal network that would indicate a breach. – Anthony Pezzotti, Knowzo.com
This post is part of our contributor series. The views expressed are the author's own and not necessarily shared by TNW.