A recent study sponsored by Intel Security called “Internet of Things and the Smart Home” showed just how much people value their personal data. The study was conducted in July 2015 by Vanson Bourne and collected information from 9,000 consumers.

Everyone has their price, and in this survey of consumers in nine different countries, a majority of respondents indicated they might be willing to share their personal data collected from their smart home with companies in exchange for money. Notably, 70 percent agreed companies should give coupons and discounts to customers in return for data about device usage. That is somewhat depressing.

The Personal Data Disconnect

Here is the disconnect: 92 percent of those surveyed were very concerned about their smart home data being hacked by cybercriminals, even though many were looking forward to living in a smart home.

“Security has to be foundational to the Internet of Things, and when done right, it can be an enabler of IoT,” said Steve Grobman, the chief technology officer for Intel Security, in a statement.

That’s the problem: It is rarely done correctly. While the market for smarter home-based devices such as thermostats, security monitors and safety equipment is booming, few consumers have considered the information security aspects of these devices or what personal data they can collect.

Many of these devices have open IP ports or simple default administrative credentials that leave backdoors cybercriminals can easily exploit. Computerworld reported on an HP study that found 10 different IoT-connected home devices such as smart TVs, webcams and baby monitors are full of security vulnerabilities.

While none of the home IoT suppliers have been sued for a cyber break-in, it is only a matter of time. The potential for obtaining personal information from one of these vendors may not be that far behind, especially given how lax many are with cybersecurity.

Making matters worse is that there is a sizable gap between the real and imagined popularity of connected home devices, described in detail in the “Internet of Things and the Smart Home” report.

Securing Smart Buildings

Mashable is just one source that published a series of suggestions that potential home IoT vendors should consider. Some recommendations include:

  • Have clear statements about privacy policies that are easily accessible from your website’s home page.
  • Implement a process to regularly update firmware with the latest security patches and improvements.
  • Require customers to change default passwords upon installation and enforce stronger password policies.
  • Choose default settings that offer more data privacy protection.
  • Have as few open IP ports as necessary.

Obviously IoT isn’t going away, and its lure for more home-related devices is certainly strong. But the right level of information security should be baked into a vendor’s business model — and its products, too.

To learn more watch the on-demand webinar: Securing the Internet of Things

More from Data Protection

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…

Millions Lost in Minutes — Mitigating Public-Facing Attacks

In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships. Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by 2.6% since 2021 and is now $4.35 million. Organizations that don't deploy zero trust security models also incur an average of $1 million more in…