Imagine you have recently been operated on and a pacemaker has been inserted into your heart to help regulate its beat. It has the ability to change the rhythm that your heart beats at and can deliver life saving treatment should your heart refuse to stop beating at all. Now, imagine that there are millions of these devices and that they come under cyber attack and are reprogrammed to send the heart into potential cardiac arrest. This was the worst case scenario that has presented itself in the recent St Jude Medical Heart Device* legal case.
Johnson and Johnson recently announced in a press release* that its insulin pumps were vulnerable to cyber attack. The pumps called One Touch Ping could release a lethal dose of insulin should they come under attack. These are just two examples of what Gartner *predicts to be one of the biggest trends in IoT-security.
Australia has invested heavily in the Internet of Things and startups, particularly in the area of health. We are also seeing large growth in markets such as Accessibility and Personal Emergency Response Systems. With this growth , comes a higher level of risk and accountability should a cyber attack occur. Currently, there is no requirement by law to have security measures in place to protect that technology from attack.
It really comes down to the sense of social responsibility on the part of the start up or company operating in these fields. Silicon Valley recently released a Social Responsibility Guide for Startups. The guide has been put together by the Silicon Valley Community Foundation. The concept is a good one. At a businesses inception or during early operating years, strategise and implement a plan that outlines the contribution or role you want your business and employees to play in society.
It’s very comprehensive and asks startups to consider a few things in the ways of operating such as:
- Involvement in local community.
- Creating a business culture that is committed to making a difference in society.
- Donating a portion of profits from products sold or discount said products to assist certain charities.
- Build sustainability practices into the workplace and manufacturing environments.
- Ensure diversity is embraced and practiced.
- Formalise and publicise your social responsibility into a charter.
No one could criticise the the guide in terms of the value it can add to any startup. It is filled with strategic and practical ways to ensure that any new business could implement a very comprehensive social responsibility plan. With one exception…safety.
As seen above, security and vulnerability to attack is going to be one of the major threats for all IoT businesses, but particularly startups moving forward. Startups often are just focussed on getting the business up and running. This in itself is fraught with complexity. This is the phase however, when new businesses are most vulnerable and things can go wrong. Hence, the perfect time to have the social responsibility charter and especially the safety component of that, clearly woven into every day business practices.
From a business positioning perspective, incorporating safety into the social responsibility charter creates a strong market positioning for your product. It also assists with sales, as safety becomes a point of entry for purchases. In addition, it means that your business has standards, guidelines and operating procedures around safety that are already established. This will help to safeguard your business against attack, future prosecution if attack should occur and competitor fear driven PR tactics, as has been intimated by St Jude in their St Jude case.
The incorporation of safety into the social responsibility charter also helps to keep the industry self regulated. Should the industry become regulated, there is little control over the restrictions and requirements that will be placed upon businesses which may result in a loss of freedom and may force you to implement changes in your business plan and operations that you do not want.
The implications of incorporating safety into a social responsibility charter will be significant at an operations level. It will mean investment in employees, software or third party organisations. However, compared to the alternative, this is by far the better option. Some might suggest that security belongs on a business plan, yes that would be correct. One might also expect to see the tactical implications of a social responsibility charter implementing strategies to do with donations of products and environmental sustainability reflected in a business plan. However, the role of a social responsibility charter is to publicly declare to employees, community and consumers where your business stands on issues affecting community and it’s welfare. It can direct and guide business plans and certainly affects the day to day operations of any startup.
Social responsbility isn’t just community engagement, charity contribution, sustainability and diversity. For anyone operating in the accessibility, PERS and telehealth markets, it has to also be about safety and security. It needs to be broader and all encompassing and incorporate a fundamental thing- safety principles and practices for it’s consumers, staff and the industry. We have an opportunity to make a real difference in the quality of people’s lives. Let’s ensure that job gets done by incorporating safety into our social responsibility charter.