Businesses that incorporate the Internet of Things (IoT) into their daily operations have rarely, if ever, had access to so many resources to help improve their customer reach, collect more personal data and reduce their internal operational expenses through IoT automation. IoT devices are ubiquitous, and as technology advances, so does the invention and use of connected devices within workplaces and our homes.
Alongside the excitement of making our daily lives smarter and more efficient and improving business processes, IoT also poses challenges to your business in relation to data protection and security breaches. In this blog, we define the Internet of Things, discuss the pros and cons of IoT for businesses, and explain why GDPR matters when we talk about IoT.
Internet of Things is a term that describes a network of devices that are connected to the internet and transmit data in real-time, with the aim of obtaining information, analysing it, and taking an action via automation. IoT devices include CCTV cameras, smart devices such as watches, thermostats and security alarms, and doorbells, to name a few.
Many years ago, IoT used to be seen as a thing for the future, but not anymore. Of the 29 billion devices predicted to be connected to the internet in 2022, telecommunications company Ericsson estimate that 18 billion of those will be web-enabled IoT devices used to process data.
Industries, including healthcare, have already embraced connected devices and are using them to enhance their products and services to customers. For example, IoT devices are streamlining the control medical professionals have over their patients' treatment by using monitoring devices to record an individual's vital signs, such as heart rate, blood pressure, pulse, and respiratory rate.
The importance of IoT cannot be overstated. Companies that have adopted IoT technologies are able to reduce overheads, save time, and improve both employee productivity and the customer experience. Additional advantages of IoT include:
During the COVID-19 pandemic, IoT made it possible for many businesses to continue to trade even when staff were working remotely. However, IoT technology, just like any other, has its drawbacks. Considering the high number of devices that would have to communicate with one another for its potential to be maximised, potential vulnerabilities are automatically created, thereby making it possible for a malicious actor to gain unauthorised access to the system.
Through one compromised device, it is possible for all the devices on a network to be corrupted in one fell swoop. That is why there is an ever-increasing number of security and privacy incidents occurring due to vulnerabilities found in IoT devices, such as:
Even the most unlikely of IoT devices are susceptible to a data breach, including a fish tank. In 2017, hackers managed to gain access to a casino's network and database via a thermostat in one of their internet-connected fish tanks. The smart thermostat consisted of sensors that helped to regulate the tank's water temperature, cleanliness and food supply. By hacking into the fish tank, the cybercriminals were able to steal 10GB of data that was transferred to a device in Finland.
One of the most ingenious methods of gaining access to personal information is also an example of how vulnerable IoT devices can be, especially if they're not adequately protected. This incident highlights how important it is for businesses to understand IoT devices and how they can provide opportunities for hackers to infiltrate networks and access data without authorisation. It also shows why GDPR matters for IoT, as compliance shows businesses can be entrusted with customer data, no matter what devices or applications are being deployed across the organisation.
Data protection legislation states that personal data should be processed in a manner that ensures appropriate security is attained. Therefore, it is the responsibility of businesses to ensure that any IoT technologies are protected by security controls, and that they are GDPR compliant if they collect personal data.
GDPR applies to the entire data supply chain, including IoT devices. So, it's wise to raise awareness of data collection among employees, customers, and partners, detailing what data is being collected, how, and why. Also, customers should be made aware of how data will be protected from a data breach. To remain GDPR compliant, any organisation that incorporates IoT should be aware of the following:
Given that the Internet of Things has enabled organisations to collect more personal data than ever before, the potential for the misuse of the data has grown. Consequently, besides the need to have appropriate security measures in place to protect personal data from hackers, organisational measures like policies and regular security awareness training are also required. Additionally, if your business uses third-party processors to carry out tasks that involve the use of personal data, third parties are legally required, under Article 28 of the GDPR, to guarantee that adequate security controls are in place to protect the personal data and the rights of the data subjects.
The Internet of Things is prevalent across many industries and organisations, and with IoT devices providing businesses with another method to capture personal data, it is important for companies to understand how to maintain GDPR compliance. For all the benefits IoT devices provide businesses, let's not disregard the pitfalls that can be exploited by cybercriminals to gain access to personal data. Businesses need to ensure they understand the risks posed by IoT to customer data, and what can be done to remediate any vulnerabilities that may exist with IoT devices to secure personal data against a breach.
As an experienced DPO and Data Protection Consultant, Adindu has a wealth of insight into helping businesses overcome their compliance challenges through expert advice and guidance.