June’s awareness topic is IoT - the Insecurity of Things

IOne of this months poster designsntroduction and scope

The Internet of Things (IoT) is a rapidly evolving and fascinating topic, with value for security awareness purposes.  IoT presents a heady mix of risks and opportunities, with substantial commercial, safety, privacy and information security challenges ahead, and sociological implications for good measure. 

As commonly understood, things are mostly small, inexpensive, low-powered, “smart” wireless devices, electronic gizmos with processing and networking capabilities, sensors and sometimes actuators.  Many are discreetly tucked away behind the scenes , quietly doing whatever they do with no screen or keyboard and barely an LED to reveal their presence.  Smart watches, fitness trackers, glasses and other wearables are obvious, whereas medical monitors and home-detention tags are usually hidden.  Smart door locks, thermostats, air conditioners and garage doors are further examples of today’s first-generation things.  Meanwhile industrial things are quietly making inroads into our factories, warehouses, shops and offices, a semi-autonomous electronic army presenting big opportunities … and risks. Hackers and worms are already discovering and exploiting IoT security vulnerabilities.

Learning objectives

The latest NoticeBored module is intended to:

  • Introduce IoT, providing general background information as context for the awareness materials;
  • Describe (in generic terms) the information risks and the business opportunities typically associated with or arising from IoT;
  • Describe the corresponding information security controls and other risk treatment options (not least, avoidance);
  • Catch workers’ imaginations, opening their eyes to both the possibilities and the concerns;
  • Influence decision making, behaviors etc.

Think about your learning objectives in relation to IoT security.  Is it pertinent to your organization, its products and markets?  Are things being used on the shop floor, distribution centers or warehouses?  Is anyone actively researching, developing and selling things in your organization?  Are Facilities Management using smart thermostats, door locks and so forth?  Are your vendors and business partners heavily into IoT?  Are employees in particular business units, sites or departments experimenting with wearables whether for work purposes or simply because they love shiny toys?  These are all good reasons to spread awareness beyond the IT Department and traditional IT users this month, and they are potential sources of relevant anecdotes, case study materials, perhaps even guest speakers for your awareness sessions.

Inside the NoticeBored module

June’s module is suplied as a 73 Mb ZIP file containing  the following awareness materials:

 

Files

 

Explore the thinking that went into creating the June awareness materials items during May, and tag along as we develop July’s module on the NoticeBored blog

Building a security culture through awareness

A security culture involves everyone in the organization, top to bottom, collectively valuing, protecting and (where appropriate!) exploiting information. 

Subscribe to NoticeBored for fresh perspectives on information risk and security within the corporate context.  NoticeBored picks up on the strategic, governance, compliance and business aspects, particularly in the management stream of course but the principles underpin the general staff and professional streams too.  Information is a valuable and yet vulnerable asset that needs to be protected for sound business reasons.

Home > NB this month >

Copyright © 2017 IsecT Ltd.