As a relatively new industry, IoT (Internet of Things) poses an inherent cybersecurity risk for businesses. Since IoT started out in the 1990s, many business devices have been hacked, ranging from refrigerators and TVs to large industrial control systems and critical infrastructures. New California law on IoT security focuses on data privacy, with two separate IoT security laws that went into effect on January 1, 2020.
What Is IoT?
IoT systems are interrelated networks of devices or objects that are linked via internet connectivity. Smart security systems, connected appliances, smart factory equipment, and shipping container and logistics tracking operations are just a few examples of IoT systems. These can contain a wide range of devices, including medical devices, copy machines, headsets, smart appliances, televisions, and more.
Why Get IoT Security?
IoT devices are connected to the internet, which leaves them vulnerable to cybersecurity attacks. In a successful attack, a hacker can gain control over the entire system by targeting one device. This makes powerful IoT security essential for protecting your business. Read on to learn about California law on IoT security, and find out how to prevent hackers from accessing your system.
In addition to safeguarding your IoT system, ensuring NERC CIP compliance is crucial if your business operates in the energy sector, as non-compliance can result in hefty fines and penalties.
IoT Cyber Security Programs In California
The framework of IoT laws has been confusing in the past, with many different companies, organizations, and segments having their own, incompatible standards. Due to a previous lack of regulations and cyber security programs in California to protect IoT systems, many of today’s IoT devices lack built-in security features. They are unable to support security measures such as encryption, and can’t safeguard against cyberattacks, putting businesses at risk.
IoT Safety Tips
This means business owners must actively ensure the safety of their digital systems. A few ways to do this are:
- Use strong passwords and change them regularly
- Regularly update systems
- Install security patches if possible
- Perform regular audits
But these measures alone are not enough to fully protect your IoT system. To gain full 24/7 safety from cyberattacks, it is crucial to use a specialized IoT security framework to protect your data. Safeguarding all hardware with the latest security programs requires a professional who knows exactly what they’re doing when it comes to IoT security.
Business operators should make sure to use the most cutting-edge systems on the market, as these will provide the most advanced and up-to-date cybersecurity. Hackers know how to manipulate older technology, meaning business owners need new security technology if they want to successfully protect their data and hardware.
California Internet Of Things Security Law
Two landmark California Internet of Things security laws went into effect on January 1, 2020, enforcing new IoT security regulations. These are SB-327 and the California Consumer Privacy Act (CCPA).
SB-327
SB-327 was approved in 2018, and requires IoT device manufacturers to include appropriate security features in all connected devices. The security must “protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure” to protect consumers’ information privacy.
CCPA
The California Consumer Privacy Act (CCPA) increases liability for any companies that improperly handle the data of California citizens. In the case of a data breach, a company may be fined, as well as sued by individuals. This can be financially disastrous for California businesses. The CCPA’s legislation still contains many gray areas and is complicated for most businesses to correctly carry out, making it necessary to hire a trained expert who is familiar with IoT security in California.
Older California laws, including the Internet of Things Cybersecurity Improvement Act of 2019, have also set up expectations for businesses to protect the data of customers and clients. According to existing law, businesses must permanently dispose of customer records when they are no longer needed, and take measures to protect any personal information they have of California residents. The CCPA adds more regulations and complexity to these responsibilities, as well as higher stakes if companies fail to protect consumer data.
California IoT Security Law Requirements
Most California IoT security law regulations focus on two safety aspects: user authentication and protection of hardware. SB-327 specifies that California businesses must authenticate the identities of any IoT system users by either having a different preprogrammed password for each device, or by using multi-factor authentication. Verifying user identity helps to prevent outsiders from accessing your system and data.
Physical IoT Security
But authentication isn’t the only important part of IoT system security, as many cyberattacks actually spoof the system hardware. This lets attackers gain access to your network by impersonating real users and getting around authentication measures. To prevent these attacks, it’s necessary to use physical security to guard any hardware in your IoT network, whether your system is old or new.
Another good reason to install physical security in new systems is that even IoT devices manufactured in 2020 may still not be secure. The devices covered under SB-327 may not include all devices in an IoT system, such as headphones with built-in microphones, and other devices not connected to the internet. Even non-internet connected devices can pose security risks if any intruders physically come near them, meaning it’s crucial to have a secure system in place to safeguard all hardware from attacks.
How to Protect Your California IoT System
Some effective security measures for California businesses with IoT systems are setting up complete surveillance camera monitoring, door access control to any areas with IoT devices, and intrusion alarm systems. This establishes complete protection for your system by making sure no unauthorized people can come near it. For high-security user authentication, advanced systems such as biometric readers are available, which scan fingerprints and faces to verify identities.
IoT is an emerging technology with laws that are not fully finalized, leading to difficulty and even financial damages for California businesses trying to protect their systems and data. If you need security experts who are familiar with California IoT security laws, contact Safe and Sound today. Our team has the expertise to protect your IoT system from end to end.