The Need for Stronger Cybersecurity Laws

Evolving technologies have allowed companies to create connections with their consumers at a close personal level.

TUT Staff

Evolving technologies have allowed companies to create connections with their consumers at a close personal level. We see them interact to tweets and use memes, the language of the majority of the buying population of millennials, as part of their community management.

All of these are happening in record speed — such is the nature of the Internet of Things. However, helpful this is for entrepreneurs and artists hoping to leverage on the opportunities laid out by the digital landscape, there is no doubt that this is what security nightmares are made of.

Security and safety of digital assets

Most companies, especially those who rely heavily on website transactions are always told do the same things: get an SSL certificate and apply for Payment Card Industry Data Security Standard (PCI DSS). But as technology evolves, so, too, the many ways the websites can be hacked and compromised.

The internet allows us to combine daily life with advanced communications technology. Just take voice assistants as an example. The Google Home and the Amazon Alexa do not just stream music or voice-activated internet searches, it can also be used to control our homes. There are other devices like the new pacemakers which can send and receive information from doctors using the internet.

Just like any innovation though, there are risks involved. There might come a time when personal data is not the only information compromised. Who is to say that no one can hack into your voice assistants and control your house remotely? How about the losses involved when devices that have a direct effect in a society like the Internet-connected pacemakers or self-driving cars are hacked or infected with malware?

The key is in creating effective and even more advanced security features to protect consumers. The responsibility falls on manufacturers to ensure that no breach is going to compromise important digital assets, some of which can cause physical danger to their consumers. However, there is no monetary incentive to do so; which means companies will not see the need to invest in cybersecurity measures.

What happens now is consumers will keep buying these products, unaware that their information is at risk of being stolen. And our current liability laws still make it easy for companies to shrug these problems off and not be accountable for the vulnerability of their products.

Lawmakers to step in to create strong cybersecurity measures

Today, California is still the sole state in the U.S. which has a law regulating the internet, especially devices sold in within the state. The law called SB 237 will take effect in 2020 and requires all devices which can be connected online to have a “reasonable security feature.”

This legislation will require companies to set up security measures that will protect the device from malware and hacks, and the information saved on it. The only person allowed to interpret the law as they see fit is the California attorney general, which means much lobbying from tech companies is expected.

Another example is the European General Data Protection Regulation (GDPR) which is responsible for all of the pop-ups you have been seeing on websites. This informs visitors of the website’s privacy policies and how information is being sent to and from them for each time they visit.

These legislations are far from being an effective measure to protect consumers from online threats, but it is a start. It is laws like these that extend beyond the physical borders and affect how online transactions will be done worldwide.