Turn out (and on) the lights

SmartThings, an app aimed at iOS 7, connects the rooms, lights and doors of a home to the Internet. The newest version of the app, according to TechCrunch, features an improved onboard experience and gradually introduces users to areas in which the IoT can provide assistance, such as “Home and Family,” “Lights and Appliances” and “Damage and Danger.”

The Internet of Things Power Play

InformationWeek offered some ways in which the IoT will affect energy management. Smart meters will revolutionize the power grid, and smart appliances will introduce usage-based pricing and the capability of homeowners to sell power back into the power grid.

The Internet of Things and Retail

Practical eCommerce identified five ways in which the IoT will benefit retailers. It will affect inventory management, fleet management, maintenance and warranty and real-time promotions. It will also make next-generation vending machines a reality.

Almost endless impact.

Libelium offers a 50-item list of how sensors affect daily life. Some highlights: monitoring of streets to identify open parking spots; monitoring structural integrity of structures; creating urban noise maps; automation of traffic congestion measurements; optimization of trash collection by receptacle monitoring; air pollution measurement; smart roads that issue warnings and forest fire detection.

Using the Internet of Things to Track…Things

Technology Review reports on Iotera, a company that makes tracking tags that can be used to keep an eye on an almost limitless number of objects. Examples include the ability to monitor tools at construction sites, pets, kids, and workers in dangerous locales such as oil rigs. It can work without access to commercial wireless networks or Bluetooth. The batteries can last for as long as five months.

The Internet of Things in Business

Business Insider’s BI Intelligence offers a report on business-to-business uses of the IoT. Examples include intelligent advertising and marketing, and smart water systems.

On the Road with the Internet of Things

ComputerWeekly cites fitness, energy and vehicular transportation as areas in which the IoT will have tremendous impact. But the crux of the story is that security issues associated with the flow of so much information are formidable. The key is tightly controlling the application programming interfaces (APIs) that let the sides in an IoT session exchange data.

A true idea of how deeply the IoT will affect day-to-day living can be garnered at the World Future Society. Environmental impacts will be felt in tracking atmospheric quality, trash cans, illegal logging prevention, the status of waterways and in myriad other ways. The story describes uses in other areas as arcane as monitoring hand-washing stations, clothes dryers, pill bottles and the elderly.

It may not revolutionize how we live, but ioBridge points out that the use of the IoT to control the color of Christmas lights around the world shows the interconnectedness of people as well as the power of the IoT. This is the third year for the CheerLights project. The story says that participants can tweet a color to @CheerLights. The command is processed by ioBridge’s ThingSpeak and distributed via the CheerLights API.

The full potential of the IoT won’t be realized if the devices can’t freely communicate with each other. For that reason, the Linux Foundation has formed The AllSeen Alliance. The alliance will build around AllJoyn, a framework developed by Qualcomm. It allows systems to discover, connect and interact with each other seamlessly. In addition to Qualcomm, founding members are Cisco, D-Link, Haier, LG Electronics, Panasonic and Sharp, according to Computerworld.

Users are a company’s biggest asset and, unfortunately, often its greatest risk. Mitigating the risk posed by users is an ongoing challenge. You can limit their access through admin rights, but you can’t always prevent them from opening corrupted emails. You can force them to routinely change their passwords, but can’t prevent them from clicking malicious links.

Chances are good that when a new employee starts at your company, you already have a process in place to train them on the systems the company uses: everything from time entry systems to using the phones to database training. Make security training part of that onboarding process, but don’t let it stop there. During orientation, teach new employees how to check if a link might be malicious, what a corrupted file might look like, how to identify a fake patch they may be asked to download, and then what to do with that information.

Be sure they can identify many of the most common tactics attackers use to trick users into helping them, and then give them a clear path for remediation if they suspect they’ve been sent a phishing email or are being asked to download a faulty patch. Once the initial orientation is completed, continue to contact users on a regular basis about new threats. Set up a monthly email informing users about new attack methods or current phishing techniques so that they know what to look for. Add real-world context and real-time updates.

Many users still think of cyber threats as a Nigerian prince or long-lost Russian uncle offering to give you $10,000,000 if you’ll only share your bank account information with him. While these email chains still exist, they are often caught in spam filters and are no longer the gold standard of phishing. Keep users up to date about real threats – phony links on Facebook, seemingly hilarious YouTube videos sent by friends that turn out to be malicious, and Twitter bots informing you that you’ve absolutely got to check out this scandalous picture someone posted of you on the Internet. Keep users’ idea of cyber threats in the modern day to keep your systems more secure.

Give users a way to react to malicious materials appropriately and then follow through when contacted about it. Users frequently treat IT as a roadblock to productivity, which can be extremely detrimental to corporate security. Don’t be that roadblock, and respond helpfully and in a timely manner when contacted about these issues.

This is not to say that you should threaten to fire your users if they don’t follow your information security policies. Rather, many users often don’t understand the potentially devastating impact of an attack – both on their organization and on themselves. The cost of a data breach can cost the company upwards of several million dollars. Stock prices can take a hit. Stolen IP can result in lost customers and lost opportunities.

In some industries, such as health care, where confidentiality of information is crucial and regulated, lawsuits can be the direct or indirect results of a breach. Companies may even experience money stolen directly from their accounts, affecting their ability to invest in their employees. For some, a single data breach may be enough to put them out of business.

Ensure that users understand the potential consequences by sharing data from surveys or news articles on the impact of breaches. If a user believes that it’s a realistic possibility that a malicious link can take down the company – or eliminate the need for their position – they’ll be much less likely to click that link.

The mandate to pay attention to security can’t just come from IT. It needs to have visible support from high-ranking company executives. Top officials need to not only be talking the talk, but also walking the walk. Users need to see that security isn’t just something for them to pay attention to – it’s a company-wide issue for each and every employee. Users are bombarded constantly with messages from different departments both inside and outside their company, but if they see that high-ranking executives such as the CEO, CFO and others are placing a high value on corporate data security, they will be more likely to prioritize the message.

Social media is a virtual treasure trove of information for an attacker. Using information posted online by users about themselves, attackers can find out information that allows them to guess security question answers – enabling them to get past customer service representatives and reset passwords. Teach users how the things they share on social media can be used to hack them “IRL” (“in real life”). You can even set up a demonstration where you attempt to “steal” a user’s ID using their easily accessible online information. They may be shocked at how easy it is, and that may be enough to galvanize them to change their behavior.

Passwords can be a user’s biggest weakness. After all, there are so many these days; it’s hard to keep track of them all. It’s much easier to just create one password and reuse it across sites and systems. Users know that this is bad behavior, but they do it anyway out of convenience. Further education and engagement can help – perhaps add incentives around password security to motivate better behavior. The real trick is to help employees make it easy to manage their passwords and keep them secure. Suggest tools that users can use to keep track of their passwords, while still using different ones across the many websites they use.

Remember, users are often the weakest link in the security chain. It’s important that you are vigilantly educating your users to remedy the risk that they pose to your organization’s security. But other areas of security should not be neglected in the pursuit of user education.

Remember, attackers are people too and they will go for the path of least resistance. If you leave your machines unpatched, they’ll go that route. If you don’t have anti-malware installed, they might go down that path. And if your users are likely to click a link from a phishing email or download a fake patch, attackers will choose that method.

An attack is often no longer a single instantaneous event, but a long process where the attacker systematically hunts down your systems’ weakness. Don’t leave the front door wide open for them, whether that means educating your users, installing antivirus or aggressively patching machines. Make sure your defense is as in-depth and persistent as the attacks threatening it.