You know you must ask your auto salesman about mileage, design and price before buying a car — but do you know to ask how well the car will protect you from cyberattacks? Odds are, probably not; but the nonprofit Consumer Reports, known for its eponymous magazine, is trying to change that.
The organization, which has long reviewed consumer products from banks to washing machines, wants shoppers buying electronics — including cars, which are loaded with software these days — to take cybersecurity more seriously. That's why Consumer Reports announced Monday it would begin considering data security in its comprehensive product reviews.
Consumer Reports will use new standards to evaluate the quality of "internet of things" gadgets based criteria such as how secure products are and what sorts of disclosures are made when a device is collecting your data. The goal: For consumers to feel safer, and to not have to worry about the real threat of, for example, hackers taking over their baby monitor.
Creepy, right? It's a timely move by the nonprofit, as users of products like the Amazon Echo and other "smart" devices are discovering hackers and even the government (that's correct) can use electronics for data gathering — or spying.
"Consumer Reports will gradually implement the new methodologies, starting with test projects that evaluate small numbers of products," a Consumer Reports spokesman told Mic via email. "These may include product categories such as cars, smart appliances, and mobile apps."
The watchdog will also look at how well devices protect ownership, since software copyrights can sometimes make it hard for consumers to modify and safeguard their devices.
"Because it's illegal to tamper with copyrighted programming, consumers can be forbidden from diagnosing and repairing machines they've bought," Consumer Reports wrote. "In general, when consumers buy products, we think they should be able to alter, fix or resell them."
Previous surveys suggest there's strong demand: 65% of Americans surveyed by Consumer Reports reported being "slightly or not at all confident" that their data was secure. The watchdog is also arguably filling a void left by government regulators. In early March, the Federal Communications Commission voted to roll back requirements that internet service providers take reasonable steps to safeguard customer data.
The new standards also come at a time when devices other than computers are increasingly vulnerable to cyberthreats or privacy violations. In February, TV manufacturer Vizio came under fire from regulators for harvesting consumer data without adequate disclosures.
If you're going to buy smart devices, the Better Business Bureau recommends treating them the same as you would a computer. Make regular software updates (which often include patches to address security flaws), use rigorous passwords and pay especially close attention to any cameras or microphones, since hackers can sometimes activate these features remotely.
You might even want to take a cue from Facebook founder Mark Zuckerberg and tape over your camera and mic.
Still concerned? Look into cloud-based security tools and consider locking down your home WiFi by frequently changing passwords, creating a separate network for guests and learning about AP Isolation. Reset your devices and add a new password, especially if the default was the ubiquitous "admin" password.
Also, think about going the extra mile by using encrypted email, which can help protect your personal information and secure you from phishers. Finally, consider setting the default search engine for your in-device browser as one that doesn't track you.
Sign up for The Payoff — your weekly crash course on how to live your best financial life. Additionally, for all your burning money questions, check out Mic's credit, savings, career, investing and health care hubs for more information — that pays off.