UK government reveals smart device security guidelines

In order to make internet-connected devices safer to use following a series of security breaches, the UK government has revealed its new guidelines.

The guidelines include ensuring passwords are unique and that sensitive data transmitted via apps is encrypted.

According to the BBC, the government’s Security by Design review also advised:

  • Device manufacturers to have a point of contact so security researchers can report issues immediately
  • Software should be updated automatically with clear guidance for customers
  • It should be easy for consumers to delete personal data
  • Installation and maintenance should be easy for consumers.

Industry-wide security standards

Ian Parker, professional services consultant at Axians, commented: Hopefully this is the first step to implementing industry-wide security standards for connected devices – something that is sorely needed as they begin to be part of the fabric of our daily lives.

“In addition, it may be the catalyst, along with incoming GDPR regulations, for manufacturers to have security at the front of their minds from the beginning of the process, not simply as an afterthought when something goes wrong.

“However, IoT is only as secure as you make it. In today’s market, you cannot rely on manufacturers to produce a network-controlled device with security at the forefront.

IoT security

“Unless the IoT device is a security device in itself, the manufacturers will want to make it as cost-effective as possible with a quick production cycle.

“Security, on the other hand, is time-consuming, costs money and is not widely understood.

“It is therefore up to the consumer or business who operates it to ensure these devices – which are essentially remote controls for the world to operate – are secure and remain accessible by authorised personnel and devices only.”

Written by Leah Alger