Unapproved access or control. Unauthorized monitoring or surveillance. Spam. Device or system failures. These are just a few of the reasons the Broadband Internet Technical Advisory Group, a nonprofit dedicated to improving users’ internet experience, released a report outlining security and privacy suggestions related to Internet of Things (IoT) devices.

“Several recent incidents have demonstrated that some devices do not abide by rudimentary privacy and security best practices,” according to a BITAG press release [PDF].

Earlier this year, Associations Now reported on a study by the Online Trust Alliance, which found that the cyberattacks and data breaches on IoT devices are largely avoidable.

“In this rush to bring connected devices to market, security and privacy [are] often being overlooked,” OTA President and Executive Director Craig Spiezle said in a news release. “If businesses do not make a systemic change, we risk seeing the weaponization of these devices and an erosion of consumer confidence impacting the IoT industry on a whole due to their security and privacy shortcomings.”

While BITAG acknowledges the rapid growth of the IoT industry—which is developing everything from monitors and controls for a home’s heating and water systems to devices that can anticipate and address a consumer’s needs—it also says the industry must adhere to security and privacy guidelines to help protect consumers and internet service providers.

In the report, BITAG highlights a number of issues that contribute to the lack of privacy and security on IoT devices—ranging from an absence of IoT supply chain experience to a shortage of secure network software updates to malware insertions during manufacturing.

“In many cases, straightforward changes to device development, distribution, and maintenance processes can prevent the distribution of IoT devices that suffer from significant security and privacy issues,” according to BITAG’s press release.

Those straightforward fixes amount to 17 recommendations that BITAG believes will “dramatically improve the security and privacy of IoT devices and minimize the costs associated with collateral damage …,”according to the press release.

BITAG’s recommendations include adherence to the best practice for both software and security and cryptography in IoT devices. BITAG also recommends that the privacy policy for these devices be easy-to-find and easy-to-read, and that if a device is able to be accessed remotely by a third party, that it’s disclosed to the user. In addition, the group suggest that manufacturers create a secure software supply chain to prevent against malware and that they maintain an IoT device through its entire, intended lifespan.

“Unless the IoT device sector—the sector of the industry that manufactures and distributes these devices—improves device security and privacy, consumer backlash may impede the growth of the IoT marketplace and ultimately limit the promise that IoT holds,” said the BITAG press release.

(iStock/Thinkstock)