Week 1: Discussion: Privacy and Corporate Liability

Innovations within technology have brought about devices that make life easier. However, to simplify or assist with everyday tasks, these devices need to be able to collect, store, and analyze the information given to them. The process of how these devices retrieve that information is where many concerns involving misuse of data and privacy breaches remain at the forefront of conversations for the manufacturers that make them and the third-party vendors that sell them. Here at Red Clay, the number one priority is to handle customers with care. We could be liable if third-party equipment recommended and installed by us, i.e., voice-activated smart home controllers, infringes on the privacy of our residential clients. Understanding what the company is responsible for and how we can further reduce vulnerabilities with these devices reduces the impact of an attack and maintains integrity with our customers.

Smart devices are only smart when connected to the internet, and the internet is prone to various risks. Red Clay should be aware of attacks such as breaches that aim to steal data and valuable information. In an article by Jaikumar Vijayan (2020), it was studied that nearly nine out of ten organizations expect to experience an internet of things related breach or cyber-attack. Yet, more than half take the steps to verify and evaluate devices. There are different types of sensors on these devices, including level, temperature, pressure, infrared, and proximity, that may all be utilized to detect voice commands and conduct other functions (Posey, 2022). These sensors can collect information that could be valuable and desired by hackers. If this information is compromised, it could cause customers and vendors alike to refrain from working with us in the future.

It is essential to understand that devices differ in how they operate depending on the operating system (Apple, Amazon, Google) so that we can remain transparent. For example, Amazon’s Alexa speaker continuously listens for the wake word, so it is ready to follow voice commands. The recordings of voice commands are encrypted by Amazon and are kept long-term unless specified by the user in the privacy settings (Fingas, 2022). While this function is needed to maximize the capabilities of the device, it could leave customers feeling their privacy is being violated. On the other hand, Apple products take their dedication to protecting privacy a little further by storing data with random identifiers, which would prevent thieves and hackers from correlating what data belongs to whom or catching and deleting false triggers before being uploaded to the cloud (Fingas, 2022). This helps us decide where and how to improve security measures for the collected data.

To prevent any misuse of data collected by devices, the organization should identify and understand any and all security protocols already in place by the manufacturer (Vijayan, 2020). For some devices, manufacturers may prevent their retailers from further configuring devices and demand that any alterations be done only by themselves. This creates another potential vulnerability, where the manufacturer has back door accesses, creating another avenue for hackers to expose associated vulnerabilities. The company must demonstrate control over these risks by maintaining a proper inventory of all devices and performing audits to ensure proper security controls are implemented.

In conclusion, Red Clay needs to understand the risks that go along with the smart devices installed and take the precautionary steps to reduce the risks of vulnerabilities. Not only would the company lose customers due to a lack of trust, but the manufacturers could also refrain from continuing business due to the negative perception from customers. To reduce the opportunity for any vulnerabilities to become exposed, Red Clay should go due the proper evaluations of manufacturers they work with and assess what can be done on our end to protect the privacy of our customers further.

Vijayan, J. (2020). 5 steps to get IoT cybersecurity and third parties in sync. TechTargethttps://www.techtarget.com/searchsecurity/feature/5-steps-to-get-IoT-cybersecurity-and-third-parties-in-sync

Fingas, R. (2022). Smart home privacy: what data is collected and how is it used. Android Authority. https://www.androidauthority.com/smart-home-privacy-3065661/

Posey, B. (2022). Smart sensor. TechTarget. https://www.techtarget.com/iotagenda/definition/smart-sensor