The Government is urging tech firms to embrace a new voluntary code of practice for manufacturers of connected devices, developed to tackle widespread data privacy concerns by ensuring that security measures are embedded into the design process.
The move follows the publication of the Security by Design review in March, in which the Department for Digital, Culture, Media & Sport (DCMS) and the National Cyber Security Centre (NCSC) laid out their recommendations.
The Government predicts that there will be more than 420 million Internet of Things devices in use across the UK within the next three years and but there are fears that poorly secured devices such as virtual assistants, toys and smartwatches can leave people exposed to security issues and even large scale cyber attacks.
A recent lab report from Kaspersky found that IoT malware had tripled in the first half of 2018, with attacks such as malicious cryptocurrency mining, DDoS attacks and botnet activities becoming more prevalent and harder for manufacturers to tackle.
Minister for Digital Margot James said: “From smartwatches to children’s toys, internet-connected devices have positively impacted our lives but it is crucial they have the best possible security to keep us safe from invasions of privacy or cyber attacks. The UK is taking the lead globally on product safety and shifting the burden away from consumers having to secure their devices.”
The code is made up of 13 guidelines and includes secure storage of personal data, regular software updates to make sure devices are protected against emerging security threats, no default passwords and making it easier for users to delete their personal data off the product. However, so far only two manufacturers – HP and Centrica Hive – have signed up.
But Judy Krieg, privacy, security and information partner at legal firm Fieldfisher, said that companies could pay a high price for shunning the code: “Although this is a voluntary and contains security recommendations, any IoT manufacturer would be hard-pressed to explain why they have not adhered to this guidance.
“Particularly in the case of a cyber weakness in the design of an IoT product, this document would be an important tool for both regulators and private litigants to show the expected standard of care. Irrespective of whether a company wants to affirmatively sign up to the code, they ignore it at their great peril.”
The post New voluntary code for IoT devices sparks warning appeared first on HireGDPR.
No comments:
Post a Comment