Stay Ahead of the Game – Online Security for the Connected World

• March 2023
• Grant Furlane, LocoMobi World

Smart devices are widely used by billions of people for various purposes. However, technology is constantly changing and advancing, and it is not always clear when these changes take place. As a result, the laws and policies surrounding the Internet of Things (IoT) and related technologies are continually evolving. If you do not keep pace with these developments, you run a high risk of falling victim to cyberattacks, hacking, and data and privacy breaches, which could have severe consequences.

Arizona State University, through the Global Security Initiative, has published seven tips to help you stay secure in a connected world. The Global Security Initiative is partially supported by Arizona’s Technology and Research Initiative Fund. These tips are designed to provide a basic understanding of how to maintain your security in an interconnected and technology-driven world.

According to them, these are your best bet.

1. Establish your comfort level
2. Shop selectively
3. Understand what your devices do
4. Secure your home network 
5. Configure your devices
6. Stay up on updates
7. Follow the money

They are not extensive, but at the bare minimum they remind people who are interconnected and have access to devices or systems that use artificial intelligence and machine learning to be alert regarding things like app updates, securing home internet networks and their general use of the internet and cyberspace in a safe way. 

But how will these help in future with changing and emerging technologies?

TheSmartCity.Blog Podcast co-hosts Alan Cross and Grant Furlane in Episode 6 of Season 1 discussed the future of security in the connected world with Steve Dentinger. Steve is the Vice President Sales, Canada of Dormakaba Group. Brian Storrie, President of LocoMobi World was also in the podcast which mostly focused on security with mobile credential applications.  

Steve said Dormakaba automates everything at the door or openings to make them secure through a mobile credential app. The company prides itself at being one of the top three companies for access control and security solutions in the global market. They provide secure access to buildings and rooms, with over 150 years of experience and have installed millions of products worldwide. On their website’s About page, they say that they, “offer a comprehensive portfolio of products, solutions, and services for everything related to doors and secure access for hotels, healthcare, education, shops, lodging, entertainment facilities, sports centers, airports, at home or in the office.”

Their products are very relevant and important for the development of emerging smart cities, cyber cities and smart buildings. Not forgetting the security issues that come with having access to the personal data and sensitive personal information of whole communities.

In the realm of personal asset security and access control, Steve acknowledged that physical keys are still significantly used by people to access “openings”. However, there are verticals in the industry moving towards digital keys and mobile credentials. Predominantly in the multi-housing space.

In fact, his company is the largest issuer of mobile credentials in the lodging industry. Steve said as long as someone has their app there is no need to register at the lodge lobby because you have downloadable technology to access your hotel room in a touchless and frictionless way.

Every manufacturer in the access control tech industry should have their own product-specific credentials technology app. 

Steve said the balance between convenience and security is very important for manufacturers to have in mind especially for mobile credentials. If someone for example picks your phone, they may have access to your door and your home or hotel room unless the app you are using has an additional layer of security like facial recognition or a pin code. 

So, protecting privacy in a connected world largely involves mobile encryption tech and data protection and privacy. Encryption technology has to be constantly updated to ensure security all the time. Protection of privacy is ultimately linked to the security of a system and ultra-security is necessary and has to be balanced with risk.

The principles of data protection also have to be considered in all efforts to protect people’s data on mobile credential apps as well as any other interconnected system in a smart community from door access, to the smart fridge in the kitchen, or LocoMobi World’s license plate recognition system.

These principles are:

• Lawfulness, fairness and transparency: There has to be a valid reason under law to collect and process people’s personal data for the specific smart tech purpose.
• Purpose limitation: The data can only be used to do what the resident or data subject has been told it will be used for. And the type of use they have consented to.
• Minimization: Organizations should only ask for the personal data needed for a service or utility purpose.
• Accuracy: Organizations must make sure the data collected is accurate and up-to-date.
• Storage limitation: Don’t keep personal data for longer than is required and inform the people you are collecting data from how long you will keep it for and why.
• Integrity and confidentiality: Have systems that ensure data is not changed or accessed by unauthorized third parties.
• Accountability: Taking responsibility for what your organization does with people’s information.

For these to work seamlessly there has to be an element of data protection by default and design particularly at the back end of smart platforms and applications. The main aim would be to secure all information that users do not want to be revealed to anyone including the government without their consent or even a court order. This includes sensitive personal information like biometrics that should be limited to a specific purpose with the consent of the user. 

An additional and final concept of security is allowing people to use limited identifiers especially at public access points where revealing full names and addresses can be a security threat.