Christie Alderman, vice president of client product and service at Chubb, the insurance specialist, offers some tips on how wealth managers can protect their clients from IoT-related hacks.

We live in an interconnected world—from smart thermostats controlling a home’s temperatures with the push of a smartphone button to camera-enabled refrigerators allowing shoppers to peek inside their fridge from the grocery store. There is no doubt that the Internet of Things (IoT) is rapidly changing how we live, eat and sleep.

Even with an abundance of new tools and technologies, according to Gartner, a US firm that provides information technology research, we are only at the tip of the IoT iceberg. By the end of 2016, 6.4 billion connected “things” are expected to be in use around the globe. That is 30 per cent higher than last year and just a fraction of the 20.8 billion connected things anticipated to be in use by 2020.

While the IoT is driving new efficiencies, there is an overlooked downside: most IoT-enabled devices accumulate, transmit and store personal data. As a result, high net worth individuals—often early adopters of technology given the size of their discretionary income and sometimes targeted by criminals because of their high profile—have the most at stake. It’s therefore critical that wealth advisors educate clients on protecting their assets.
Not you average technology risk

In today’s technology-driven world, data breaches have become ubiquitous. According to Experian, 91 per cent of all healthcare organizations, for example, reported at least one data breach over the last two years. While organizations and individuals have taken significant steps to bolster their security, hackers have also made great strides—in becoming more sophisticated with their attacks.

As a result, hacking risks now extend far beyond traditional corporate cybersecurity threats and have entered the home. Take something as simple as a wireless mouse and keyboard. For these wireless devices to synch with a computer, users must insert a mini dongle into the computer’s USB port. Failing to encrypt the connection, which many people do, means hackers can “mousejack” devices and install malicious software on a computer. Once that software is installed, hackers can capture user activity, including keyboard strokes. If a client then logs into their bank or email account from an infected computer, hackers gain instant access to sensitive password information.

Risk also encompasses a client’s car. Most luxury vehicles now come standard with Bluetooth capabilities, and many manufacturers are now rolling out WiFi features. If a driver connects their phone to the car’s Bluetooth, information stored on their phone may be put at risk.

Protecting what’s yours

Despite its meteoric risk and the number of devices available, the IoT industry is still in its infancy. There are few agreed upon security standards and many device manufacturers prioritize functionality over security. As a result, HNW individuals, along with their families and assets, could become highly exposed targets.

Fortunately, there are a number of ways wealth managers can help clients protect themselves.
•    Advise clients to examine all the pieces of their IoT puzzle. While a client’s smart thermostat and Bluetooth speaker system may all connect through a central hub, each individual device may have its own IP address and individual vulnerabilities. It’s important that each device is encrypted and only shares secure data across a client’s WiFi network. Doing so will make it harder for hackers to leverage a weak link in a client’s network.
•    Ensure the devices are secure by using a strong password. This can be achieved through using numbers, symbols, capital letters and words that are not in a dictionary. It is also important to not use the same password on multiple devices, so advise clients to use different codes across the devices that connect to their network.
•    Help clients understand the fine print. When installing an IoT device in a home, many individuals and their contractors refer to the instruction manual and then proceed to throw it out. However, in many cases, the data captured by an IoT device is shared with third-party organizations. Before tossing the instruction manual or logging into the app, advise clients to read the Terms and Conditions section so they understand how their personal information is being used and who has access to it. Taking a few extra minutes to read this information can ensure personally identifiable information does not fall into the wrong hands.
•    IoT devices can help protect property, but you must weigh the pros and cons. Some devices can send alerts for when smoke is detected, when pipes are at risk of freezing, when a water leak occurs, or can help scare away intruders – many wonderful protection measures. But, if clients are sleeping or their phone is not with them, they could miss an alert. Central station alarm systems, which are continuously monitored by a professional, may still be the best solution for some homes.

Identifying the right coverage

Despite the best of efforts, IoT hacks can still occur. Cleaning up resulting property damage or identity theft issues can cost thousands of dollars. Fortunately, there are insurance protections that can help clients avoid out-of-pocket costs and ensure they have the financial means to help repair the damage.

Determining what policy is triggered in the event of an IoT breach depends on the type of resulting damage. If the IoT hack leads to property damage—perhaps stemming from issues with a smart thermostat—a client’s homeowners policy can provide related coverage. Alternatively, if a client’s identity, bank or credit card information is compromised, they could be protected via their liability policy. Some insurance companies also offer cyber vulnerability assessments as a service to their customers. Working closely with a client’s insurance agent or broker to understand a client’s insurance portfolio can help ensure clients are protected in the meantime.

Staying ahead of the curve

The IoT industry has great promise—making it easier for people to manage their lives and helping reduce loss. But as the IoT industry matures, so too will hackers. Taking the time to talk with clients about if and how they use IoT technology and their related risks is the only way to stay ahead of the threat. Clients can’t afford for you to wait.