Research Internet of Things devices before purchasing for business use

Research Internet of Things devices before purchasing for business use

Heidi Trost
Heidi Trost

Internet of Things (IoT) technology refers to giving everyday objects access to the internet. That includes your coffee maker, refrigerator, thermostat and nearly any other object can collect data, perform actions, communicate with people and other objects, and be controlled remotely.

Benefits of IoT tech

IoT technology is amazing. Today, you don’t have to be at home in order to see who is at your front door. Video doorbells, which connect a video feed to your smartphone, allow you to monitor what’s happening at your home remotely. Some even let you talk to the person who is at the door.

Video doorbells are just the beginning. IoT technology has major implications for businesses. Sensors placed on objects can track what’s happening around them, turning areas that were previously difficult to monitor—like manufacturing plants and a farmer’s field of crops—into data-rich environments that help business leaders make informed decisions.

Like the thermostat you can control from your phone, a major benefit of IoT devices in a business setting is the ability to control systems remotely. Some IoT devices are even smart enough to make autonomous adjustments in response to the data they receive—even communicate with or control other devices. That means an IoT device can not only tell you that one of your business-critical machines is not functioning properly, it can actually do something about it.

Challenges with IoT tech

IoT technology also presents unique challenges. The IoT devices available today are built for different purposes and produced by a wide range of manufacturers that don’t have a set of universal standards

Many IoT devices and the user interfaces that allow humans to interact with them don’t adhere to basic usability principles. That means the devices are not only annoying to set up and use, but also increase the probability of human error, which could have larger safety and security consequences. This can also affect your business in two important ways: First, the interface slows employees down because it’s hard to configure and use. Second, a confusing interface could have life-threatening consequences when you consider contexts such as in medicine, power plants or while driving a car.

Speaking of security, the same video-monitoring technology that helps you keep your home safe could potentially be used for nefarious purposes by the people you are trying to keep out. The major flaw in IoT devices is that security is often not built into the devices from the start. Just as you can’t expect long-term structural integrity from a house built on a cracked foundation, you shouldn’t expect security from a device that wasn’t initially designed with security in mind. This is especially true when an object that was not previously intended to connect to the internet is given this capability as an afterthought.

If you’re buying IoT products for your organization, here are a few areas of concern relating to usability, privacy and security:

  • The manufacturer often doesn’t support the device after it ships. Security threats are constantly evolving, so IoT devices that are shipped and never updated again—despite new threats or uncovered vulnerabilities—are a major security risk.
  • IoT devices are shipped with terrible default usernames and passwords (for example, username: admin, password: password). To make things worse, the end user often doesn’t even know the credentials exist, so they don’t think to change them.
  • Lack of security around the data that sits on the device, as well as data going to and from the device. For many IoT devices, data needs to be both stored and transmitted. Unfortunately, not all manufacturers have taken the right steps to ensure data is secure when on the device. Further, the data is not always encrypted as it travels to and from the device.

Planning ahead

IoT devices pose security risks. So what does that mean for your organization? First, research the devices prior to purchasing them. What security measures has the manufacturer built into the device? How will the device be supported—if at all—after you receive it?

From a usability perspective, how well will employees be able to use and manage the devices? What risks do the devices pose in terms of increasing human error? If you’re developing custom systems and software around the devices, have you taken steps to ensure errors are prevented and, if they occur, can they be easily rectified?

Finally, and most importantly, what internal security measures do you have in place? Just like you would not give out copies of your house keys to everyone you meet, limiting the people and devices that access to your network is a security best practice. Keep in mind, when a vulnerability on an IoT device is exploited, bad actors can gain access to your network through the device, and then gain access to everything else on that network. The solution? Segregate IoT devices from the rest of your network. If you don’t have an internal IT team to help you, enlist the help of an IT services firm.

IoT technology presents amazing opportunities for businesses and consumers. They also present major usability and security risks. Before purchasing IoT devices, research the products to understand the security implications of each device. As a best practice, limit access to your network. As part of that, IoT devices should be siloed from the rest of the network.

Heidi Trost is a usability expert, user experience researcher, speaker and founder at Voice+Code.