Do consumers need IoT security “education”?

So, it’s certainly time for action. But the consumer world doesn’t work like those enterprises with high security standards and maturity levels. So the question remains: do we need to educate the consumer (and businesses)? And, if so, who, when, where and how?

Maybe there is no need to inform and educate people on IoT security. Maybe it’s part of a broader, again, holistic exercise to raise awareness about data and security issues in this digital age altogether. Maybe it’s just a waste of time and money.

It’s obviously a dream that this could happen in a coordinated way just as it is a dream that it is possible to achieve it globally in these geo-political times of change and just as it is a dream that everyone can be educated and, if educated, does the right things. After all, in the business world, the educated, also continue to use applications and devices that aren’t really approved; they always find a way.

Yet, on the other hand, if nothing is done, consumers will 1) continue to struggle with security and 2) continue to shape their perceptions with regards to IoT, let alone connected devices, through media reports with populist messages of the coming IoT-geddon (we did’t invent the term). Moreover, regulators are effectively stepping in.

Still, the more people are knowledgeable, the better. And the more we can move to certifications, tests and getting rid of those rotten apples, the better. Both the industry and consumers, we, have everything to gain when this happens. But the question remains: is it needed, feasible and, if so, who, where, when and how? If you read this far: these are all questions to ponder if you care, while checking out that McAfee infographic below.

The right of information

And here is some additional food for thought: as a consumer I have a right to know and rely on information provided by companies.

If I buy a car and the manufacturer makes statements on the CO2 emission: I need to be able to rely upon that information. It’s the duty of the manufacturer to provide the correct information. If he doesn’t, lawsuits follow and people in the end lose their jobs. I also have a right to buy a smartphone without an exploding battery. And I have a right to buy a product that isn’t hacked the very minute I install it.

However, to make those decisions I need to know and I need to be able to hold someone accountable for any damage. Consumer protection laws: they seem to work for the cars and the smartphone batteries, even if the manufacturers have to pay a price. So why not add the right of buying something secure in the context of the Internet (of Things), just as we have the right of buying something secure in the sense that it won’t explode in our face the very instant we plug it in? One common issue between the 3 mentioned examples (the car, the exploding battery and the connected device) is the dimension of speed, profitability and competition. The difference? There are no requirements to provide clear security information in the connected devices market. Think about it.

And here’s a quote from the Intel Security/Mc Afee press release to help you ponder all those questions even more: “Today’s digital world is changing fast, and our reliance on the internet is ever increasing. The recent distributed denial of service (DDoS) attack was carried out by a botnet made up of unsecured webcams and other Internet of Things (IoT) devices, and crippled many popular websites connected to the Dyn domain. It’s important that consumers understand they can help fight these attacks by ensuring their devices are updated and patched, which helps mitigate risks from the latest threats.”