The Internet of Things (IoT) and Digitally Stored PII: Avoidable or Inevitable? 

The Internet of Things (IoT) is rapidly showing up in all facets of daily life and collecting personally identifiable information (PII) in massive quantities. From smart home thermostats to one-click purchasing, IoT devices collect PII to personalize experiences for consumers. In an increasingly digital and connected world, unprecedented immersion into environments of convenience, knowledge, and accessibility has become the norm. While these are exciting times, it is imperative to consistently manage personal and professional vulnerabilities surrounding IoT and digitally stored PII. As the Spider-Man canon advises, “With great power comes great responsibility,” and it is critical to explore and weigh the risks of convenience against safety and security.

Everything is Connected

In a bygone era, interesting facts were pulled off the shelf from the appropriate book of a grandparent’s encyclopedia set. The fact that voice-controlled devices can now answer all the important questions of the universe, is an all-out gamechanger. 

As illustrated in the Libelium Smart World infographic, IoT has the potential to have a positive impact on a grand scale. Transportation infrastructure, environmental hazard detection, and monitoring food supply safety could improve quality of life, business efficiency, and profitability for millions of people.

The darker side of IoT and digitally stored PII warns of in-home violations via hacked baby monitors, compromised appliances initiating malicious global email attacks, and life-threatening access to implanted pacemakers. While some companies claim to “ensure” encryption and promise not to share user information, the use of a genealogy site to capture a serial killer has already set a precedent for using consumer information in unexpected and unintended ways. There is a delicate balance between championing innovation and cultivating risk awareness.

How IoT can turn ugly

It often feels like life operates at break-neck speed, so conveniences afforded by IoT and digitally stored PII, such as one-click ordering and dash buttons, are a welcome respite. However, enter in a phone porting scam, where someone steals another person’s mobile number, and suddenly a malicious actor has incredibly easy and damaging access to saved retail sites, purchase history, payment methods, and home address. All this information provides enough material to launch a sophisticated social engineering attack and open attack vectors to the intended target’s network of family, friends, and colleagues.

Threat Mitigation

Manufacturing and purchases of IoT products and services aren’t going anywhere but up. The boom of available products has exploded in recent years and is on track to multiply exponentially year over year. There isn’t a regulated standard for monitoring such a boom so the onus of safety and security falls on the shoulders of individual users. Taking calculated risks is highly subjective and personal, so it’s up to each person to research and educate themselves on how IoT and digitally stored PII fits into, and affects, their lives. Seek out expert advice on privacy control strategies, such as former government computer crime investigator Michael Bazzell’s interviews and book. Be an informed consumer and use purchasing power to support companies and products that take security seriously. Monitor accounts and devices regularly to detect anything unusual. Implement best practices for good cyber hygiene like having robust passwords and not using the same password for multiple devices or accounts.