Whether it’s playing dungeons and dragons over voice chat with my college friends hundreds of miles away, reading the latest movie reviews for summer blockbusters I’ll watch once they come out on video, or simply paying electrical bills, the Internet has become an important part of my life.
Yet, while I have come to rely on the Internet, I don’t always do what is best for it.
I don’t always patch my connected devices or applications, leaving them vulnerable to compromise and use in a botnet. I don’t look for security when buying an app or a device, let alone look at the privacy policies.
While I know I am hurting the overall security of the Internet, I find myself thinking, “I’m just one person, how much damage could I do?”
Unfortunately, according to one recent survey, there are a lot of people who act just like me.
The results from the 2018 CIGI-Ipsos Global Survey on Internet Security and Trust* suggest that many users fail to make security a priority as they shop for Internet of Things (IoT) devices. (IoT refers to “scenarios where network connectivity and computing capability extends to objects, sensors and everyday items not normally considered computers, allowing these devices to generate, exchange and consume data with minimal human intervention,” and can include consumer products, durable goods, cars and trucks, industrial and utility components, and sensors.)
According to one estimate, IoT is projected to grow to 38.5 billion connected devices in 2020, up from 13.4 billion in 2015. Each of these devices, whether a thermostat, car, fitness tracker, or something else, will be connected to the Internet. And, if left unsecured, these devices can be used to form networks of Internet-connected externally controlled devices (“botnets”), that can be used to attack infrastructure, online businesses – even you and me.
As more IoT products are brought online, it is critical that they have good security to avoid being pressed into a botnet. But manufacturers will only make them secure if there’s a market for it.
The survey suggests that while 52% of users would be willing to pay more for better product security, the other 48% of users would not. Respondents were also asked to rank several attributes by importance in influencing their decision to buy an application or connected device: price, security, privacy policy, functionality, ease of use, brand reputation, and appearance. While “security” scored better than the other options, only 31% of respondents placed it as the most important attribute influencing their decision to buy an application or connected device. And only 14% of respondents placed “privacy policy” as the most influential attribute.
If these results are indicative of the general trend, with nearly half of consumers unwilling to pay more for better security and only some placing security as their top priority when buying a device, will there be enough market demand to push manufacturers to make more secure products? I’m not sure.
But I do know we can do better.
Our actions (or lack of actions) can have a significant impact on other Internet users and services. When we choose the poorly-secured product because it is cheaper, we encourage IoT manufacturers to prioritize price over security. When nearly half of us refuse to pay more for better security we almost guarantee it.
Let’s all do better. Here are five actions I’ll take to make the Internet safer and its future brighter:
- Learn to shop smart, especially for connected devices. I’ll also be willing to pay a little more to be more secure.My post on shopping for connected toys and Mozilla’s guide to shopping for connected gifts are both great places to start.
- Update your devices and its applications.Anything that’s Internet connected, from light bulbs to your thermostat, should be updated. Updating your devices can help keep them safe from known vulnerabilities. If you are unsure about how to do this, the device manufacturer should have clear instructions on its website.
- Turn on encryption if available. Take a few minutes to see if your devices or services are already using encryption or if you need to turn it on.
- Take steps to make your home network more secure. By protecting your home network, you limit your exposure to online threats and help mitigate the risk a connecteddevice on your network may pose to others. An easy way to make your network more secure is to use encryption, a strong password, and firewall for your home WiFi network. Firewalls are often built in to routers and only have to be turned on. The manufacturer should have clear instructions on its website about how to do this.
- Use a strong password. If a connected-device or app comes with password protection, make sure you use a strong password. Do not just use the default password, a simple guessable password, or a password that uses easily-accessible personal information. This article provides advice for creating a strong password that you can still remember.
Rather than asking myself “how much damage can I do?” I should be asking “how much good can I do?” Even though I’m only one person, remember the survey. None of us are alone in this. Even small actions, if done by many, can have a big impact.
Let’s all do our part to make the Internet safer.
*CIGI (Center for International Governance Innovation) and Ipsos, with support from the Internet Society, conducted the survey in 25 economies (Australia, Brazil, Canada, China, Egypt, France, Germany, Great Britain, Hong Kong, India, Indonesia, Italy, Japan, Kenya, Mexico, Nigeria, Pakistan, Poland, South Africa, South Korea, Sweden, Tunisia, Turkey and the United States) with 25,262 Internet users. This is CIGI’s 4th Global Survey on Internet Security and Trust and it covers a range of issues including: Internet trust, privacy, e-commerce, online habits, the Internet of Things (IoT), and emerging technologies.