Compliance Nightmares Associated with IoT (and How to Solve Them)
There are two ways that law firms interact with IoT. One way is during eDiscovery when lawyers can look at devices like Fitbit and voice speakers to gather necessary digital evidence.
The second way IoT makes its way into law practices is through the firm’s own use of it. For example, the firm may have a video doorbell at the front door, or a lawyer may dictate notes into a voice assistant through the stereo in their car.
IoT is just another world of devices that allow us to communicate and transmit data and ideas. It’s also an area of concern for law office cybersecurity and compliance.
Smart gadgets are popping up fast and often come with slick marketing campaigns. Why not get that new smartwatch that allows you to answer calls and texts from your wrist? Right? Unfortunately, data security is often at risk and may be an afterthought once the excitement of using a new gadget has faded.
By 2030, it’s projected that 75% of all devices will be IoT (aka internet-connected).
What is IoT, Exactly?
Let’s start by defining exactly what IoT is. The acronym stands for Internet of Things, and it’s a term that groups internet-connected devices other than our standard computers and mobile devices. So, a wireless printer, smartwatch, Echo voice speaker, smart refrigerator… these are all considered IoT devices.
There are numerous iterations of smart devices being created. At the basic level, when you connect something to the internet, like a smart thermostat, you can now control it remotely. Just pull up an app on your smartphone and you can turn up the A/C just as if you were pushing the button physically.
When devices are connected to the internet and run by cloud software, they also gain the ability to talk to each other. For example, a proximity ping from your mobile phone can alert your smart lights that you’re almost home and turn them on before you get there. Once programmed, it happens automatically.
But that type of data flow and loss of control can be dangerous when it comes to data privacy compliance needs. We’ll go through some of the biggest dangers and how to solve them next.
Compliance Dangers of IoT & How to Overcome Them
Oversharing of Data with 3rd Parties
There is a disturbing amount of personal data out there about us that we have no idea is being shared. Platforms like Facebook and Google share data based on every action you take online, allowing advertisers to build a personality profile of you that is scarily accurate.
IoT devices also overshare data if you’re not careful. For example, those with certain types of doorbell cameras can opt in to sharing data with law enforcement. The video and audio recordings of their security system could end up in unknown places.
Sharing features can be tricky when using IoT. Often, you will see a small disclaimer about “improving your experience” or warning you that if you don’t turn on this sharing feature, “all features might not work as expected.”
When using any IoT device in a law office, you should turn off any 3rd party data sharing features. While your front office smart speaker may not store files like cloud storage services, it can record sensitive conversations. This has been shown to happen, even when the devices aren’t activated through a command.
Lack of Secure Password
IoT devices are on the radar of cybercriminals, and they often hack them easily because users fail to change the default password. People tend to view IoT through a narrow lens. They think that since something like a smart coffee maker isn’t storing files, no one is going to bother breaching it. So, they fail to secure it with a strong password.
But IoT devices, even the most basic, can be used as a gateway to other devices on your network. Between January and June of 2021, there were 1.51 billion breaches of IoT devices, a 639 million increase over 2020.
IoT devices should be secured with strong passwords immediately when they are being set up. Never leave the default username and password that came with the device in place.
Lack of Encryption & Insufficient App Security
IoT devices transmit data, and if that data isn’t encrypted during transmission, it can easily be intercepted and manipulated by hackers. Encryption is not automatically included with all IoT devices, and many lack this vital safeguard.
Another area of concern is the software used to run the device. In some cases, this may be very basic and created just to give you quick controls from your phone over the IoT device. It can include code flaws that make the software easy to hack.
Remember, just because software controlling one IoT device may not seem to have anything a hacker would want, it can be used to breach a device, which can then get the hacker into more sensitive areas of a phone or computer.
Before you bring an IoT device into your law practice, make sure you do your homework on the encryption and security available with that device and its software.
How Secure Is the IoT In Your Law Office?
Do you know the various types of IoT with access to devices used for your practice? Strategic Technology Solutions can perform a full assessment and help you ensure IoT isn’t leaving you at risk of a data privacy breach.
We serve law firms in Los Angeles, California, Arizona, and nationwide. Reach out today online or call 800-377-1648.