Internet of Things

It's all connected. From comic-book enthusiasts to conspiracy theorists to new-age acolytes — many believe that those seemingly random dots do connect. And now the “Internet of Things” (IoT) might start us down that road.

According to the Tech Target website, “The Internet of Things” (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.” In other words, providing a connection between these “things” and the internet is a way to create a “smart” environment by automating some daily activities of individuals and organizations.

Embedding the smart things with sensors and unique identifiers allows them to send and receive data via the internet. IoT innovations provide opportunities for organizations to measure and collect data and then use statistic models to analyze it, which could lead to a revolution in strategies to market products and services. As a result, the IoT provides avenues for many to become more efficient with their time, reduce costs, and improve their productivity and ways of life.

The good

Useful consumer devices

The FBI provides good examples of consumer IoT applications:

Home automation devices: Homeowners save with a smart product that monitors daily gas and electricity consumption and adjusts it accordingly. Users connect their smart thermostats to their smart lights, which allow the lights to dim automatically as the thermostats reach prescribed temperatures.

Security systems: Home and auto owners protect them with automated alarm systems and surveillance cameras, which human movement can activate.

Medical devices: Users monitor changes in heart behavior and other vital signs or expired prescriptions.

Wearables: Users’ fitness products track physical activity and sleep statistics.

Smart appliances: Devices automatically monitor changes in refrigerators, freezers, ovens, washers, dryers and coffee makers. A smart refrigerator tells you when you’re out of milk or other items.

Office equipment: A wireless printer sends a message to a portable device or laptop when its ink level is low.

Entertainment devices: You can program and control activity of TVs and other entertainment devices via smart spatial products that automatically detect audio spaces in rooms.

Hubs: Users can control all of their IoT devices through a single app.

Industrial use

Here’s a small sample of industries that have adopted the IoT model:

Transportation: Microsoft suggests four transportation IoT applications: maintaining vehicle performance, enabling IoT in cars and vehicles, optimizing fleet operations and keeping traffic moving.

Medical and health care: Microsoft also suggests four IoT applications for the health care industry: monitoring patient care through wearable sensors, monitoring medical assets, maintaining vital equipment and tracking equipment usage.

Manufacturing: SAS suggests ways the manufacturing industry can apply the IoT model, including reducing scrap, detecting problems early and big-data integration.

U.S. federal government: The Center for Innovation in its July 25, 2016, article, How Is the Federal Government Using the Internet of Things? by Daniel Castro, Joshua New and Alan McQuinn, reports how the U.S. federal government is using IoT to reduce costs:

• Smart buildings: The government uses everything from simple motion sensors that turn off lights to lowering shades.
• Fleet telematics improve asset management: Sensors monitor vehicles to check their locations or performances.
• Automate manual processes: The Department of Agriculture’s National Agricultural Statistics Services collects some of its data automatically from connected farm technologies to improve how it gathers its statistics on private farms.
• Enhance military capabilities: The military monitors defense capabilities with everything from cameras to satellites.
• Monitor weather and the environment: The National Oceanic and Atmospheric Administration uses underwater acoustic sensors to study ecological and environmental phenomena.
• Protect public health and safety: The U.S. Department of Veterans Affairs equips some of its hospitals with earthquake sensors that will notify administrators if they need to evacuate patients and staff.

The bad

Fraudsters view the IoT as another gold mine because it only works by sharing data, which device manufacturers, organizations and users still don’t secure. All the consumer and industrial uses above and many more are vulnerable.

Fraud risks are compounded because organizations aren’t protecting their data with strong security systems and savvy, trained employees. Strong IoT fraud awareness programs should be mandatory for employees at all levels.

Here are other disadvantages of the IoT model, according to the technology website e27’s June 15, 2016, article The advantages and disadvantages of Internet Of Things, by Prateek Saxena:

Compatibility: IoT needs a uniform, safer concept such as the USB (Universal Serial Bus) or Bluetooth to link devices, which it doesn’t have.

Complexity: The system can fail through software bugs, such as multiple people in a household receiving a message via the refrigerator that they need to buy groceries.

Privacy/security: All the data should be encrypted. No one wants their finances or habits to become public knowledge.

Safety: Hackers can break into software and obtain personally identifiable information, change prescriptions or steal account details. (Parents, see the FBI alert about the identity theft risks associated with some IoT toys.)

Minimizing IoT risks

The FBI provides advice to minimize some IoT risks:

• Change default usernames and passwords frequently, of course. Don’t use simple passwords — no pet or spouse names!
• If you can’t change the password on the device, ensure your Wi-Fi has a strong password and encryption.
• Put IoT devices on their own protected networks.
• Build strong network firewalls and disable port forwarding.
• Follow the manufacturer security recommendations and turn off devices when you’re not using them.
• Research your options when shopping for new IoT devices and use reputable websites that specialize in cybersecurity analysis.
• Use manufacturers with track records of providing security to their products and firmware and software updates.
• Find out what data your devices are collecting and storing, for how long, if it’s encrypted and if it’s being sold to other parties. Opt out of data collection if possible or practical.
• Make sure all IoT devices’ software and security patches are up to date.
• Use cybersecurity best practices when connecting IoT devices to wireless networks and remotely to an IoT device.
• Invest in a secure router with robust security and authentication. If your router will allow you to “whitelist” — or specify those devices that are authorized to connect to your network — then do so. You can use whitelisting to identify malicious network traffic from unauthorized devices and prevent them from making connections.

More help for the community

Please share this information with your business associates, family, friends and clients and include it in your outreach programs. An important takeaway from this column is that the IoT revolution is in its early stages, so it has many good and bad attributes. You have been forewarned, so tread with care!

Please contact me if you have any identity theft or cyber-related issues you’d like me to research and possibly include in future columns or if you have any questions about this column or any other cybersecurity and identity theft issues. I don’t have all the answers, but I’ll do my best to help. Stay tuned!

Robert E. Holtfreter, Ph.D., CFE, CICA, CBA, is distinguished professor of accounting and research at Central Washington University in Ellensburg, Wash. He’s also on the ACFE’s Advisory Council and the Editorial Advisory Committee. Holtfreter was the recipient of the Hubbard Award for the best Fraud Magazine feature article in 2016. His email address is: doctorh007@gmail.com.