The Internet of Things (IoT). What does IoT even mean? It may not be a common household term, but in this current day in age, it’s all around us every single day. So what is it? Simply put, the Internet of Things is connecting everyday devices to the internet.

Examples of this can be things like electronic personal assistants like Alexa and Google Home. Connect that with smart light bulbs and you can control the lighting of your house when you aren’t even home.

Our cars even fall into this category now! If you connect your phone and calendar to your car, it sees that you have a meeting somewhere and already loads the route with the least amount of traffic. These are all examples of the IoT.

The modern office is a great place to look for an example of the Internet of Things and how it can help.

Time Clocks 

Time is money and every minute counts.  If you’re not tracking your employee’s time to the minute, you’re likely losing over $1,000 per year.

Really?  Over $1,000 per year.

Let’s say your employees make an average of $15 per hour and you have two full-time CA’s.  If their time cards are off by an average of 5 minutes per time card entry, you’re likely paying an extra 20 minutes per day in wages.

That extra 20 minutes of wage per day works out to be only $5 per day.  No big deal.  But is it really no big deal?

Assuming 50 weeks worked per year (2 weeks vacation), 5 Days per week, we get 50 weeks x 5 days/week x $5/day =  $1250 per year or just over $100 per month wasted.  Now that’s a big deal. 

By using a time clock that is connected to the internet and has a cloud-based application for reporting is an essential component to managing your payroll expenses.  There’s a ton of companies that do time and attendance programs.  I recommend uAttend as the pricing is very affordable, the clocks are great and the software is really easy to use.  It’s what we use at my company.

EMV Terminals

When it comes to credit card terminals, the days of plugging a terminal into a phone jack in the wall are long gone.  Modern terminals all connect securely to their gateways through the internet.  More sophisticated terminals will communicate with a software application further increasing its capabilities and security.

For example, a standalone credit card terminal that worked independently of any software platform opens you up to fraud and embezzlement.  How?  It’s easy to process refunds on random credit cards when using such a terminal.  Those refunds pull funds from your bank account and place them on the embezzler’s credit card.  Then they go to the ATM and withdraw the cash.

I’ve seen examples where doctors have had over $100k stolen from them over the course of many years exactly that way.  Standalone credit card terminals are for mom and pop shops, not real businesses.

It is crucial that the credit card terminal you use in your business does not allow refunds to be processed like that.  This is why you should only be using a terminal that is controlled by a software application where you can grant permissions to your users.

For example, you can give the permission of refunds to an office manager whereas the front desk person does not have that permission.  Thus, any refund the front person wants to do, they have to have the office manager do it.  

In addition, the refund should only be allowed to occur against the original card used to make the purchase.  This also prevents embezzlement in that you can only put a refund on a credit card that was used to make a purchase.

Lastly, the amount of the refund must be limited by the software to be no more than the amount of the original purchase.  

For example, if a specific card was used to make a $100 purchase, a refund could only be placed back on that same card for up to $100.  And that refund could only be performed by a user who has the permission to do so.

This is vastly more secure than leaving a standalone credit card terminal on your front desk where anyone could swipe a random card for a refund and steal from you.

Smart Lightbulbs

Smart bulbs’ connectivity allows users to turn lights on and off using voice control or smart-home routines, or remotely through smartphone apps. No need to get up to use a light switch any more: a simple command can turn on every light in the building.

There are quite a number of benefits to using smart lighting.  From an online review, the following benefits were commonly listed.

• An ENERGY STAR®️ – certified smart bulb uses 70 to 90 percent less energy than a traditional bulb, thus saving you money.
• The average incandescent bulb has a lifespan of 750 to 2,000 hours. In contrast, the smart lights can work continuously for 35,000 to 50,000 hours, causing your lights to last longer.
• IMany of the best smart-lighting options includes motion-detection features, so bulbs turn on or off depending on whether someone is in the room. This feature can be programmed to send alerts to mobile devices when unexpected motion is detected, both inside or outdoors.
• Easy-to-use light customization. You probably use certain lights at set times. Smart bulbs can be preset to turn on, dim, or turn off at specified times.
• Many can be set to change color or alter a room’s mood with settings ranging from bright and efficient to relaxing.

Patient Education Programs

Patient education programs are a great way to help grow your practice. There are a variety of ways to help educate your patients and using IoT systems with a web-based educational TV program is quick, easy and trendy. With a small device that plugs into a TV in your reception room or treatment rooms, you can have new content each week. Plus, you can customize your own channel to further promote your services, products, and events.

You typically need a computer with internet access and then you connect that to a TV monitor with either a VGA or HDMI cable. You can use this service on any computer in your office, even to play on the computer screen(s) when it is not in use.

While your patients wait—even if it is only for a few minutes, they could learn something new or be made aware of a product or service they didn’t know you offer. This increases your practice revenue with your current patients, and also opens the door to more referrals.

What About IoT Security?

With all these devices connecting to the internet, you need to take precautions to ensure you are not opening yourself up to security breaches. 

According to the Open Web Application Security Project (OWASP), here are the Top 10 IoT vulnerabilities you need to be aware of.

1. Weak, guessable, or hardcoded passwords – “Use of easily brute-forced, publicly available, or unchangeable credentials, including backdoors in firmware or client software that grants unauthorized access to deployed systems.”
2. Insecure network services – “Unneeded or insecure network services running on the device itself, especially those exposed to the internet, that compromise the confidentiality, integrity/authenticity, or availability of information or allow unauthorized remote control.”
3. Insecure ecosystem interfaces – “Insecure web, backend API, cloud, or mobile interfaces in the ecosystem outside of the device that allows compromise of the device or its related components. Common issues include a lack of authentication/authorization, lacking or weak encryption, and a lack of input and output filtering.”
4. Lack of secure update mechanisms – “Lack of ability to securely update the device. This includes lack of firmware validation on the device, lack of secure delivery (un-encrypted in transit), lack of anti-rollback mechanisms, and lack of notifications of security changes due to updates.”
5. Use of insecure or outdated components – “Use of deprecated or insecure software components/libraries that could allow the device to be compromised. This includes insecure customization of operating system platforms and the use of third-party software or hardware components from a compromised supply chain.”
6. Insufficient privacy protection – “User’s personal information stored on the device or in the ecosystem that is used insecurely, improperly, or without permission.”
7. Insecure data transfer and storage – “Lack of encryption or access control of sensitive data anywhere within the ecosystem, including at rest, in transit, or during processing.”
8. Lack of device management – “Lack of security support on devices deployed in production, including asset management, update management, secure decommissioning, systems monitoring, and response capabilities.”
9. Insecure default settings – “Devices or systems shipped with insecure default settings or lack the ability to make the system more secure by restricting operators from modifying configurations.”
10. Lack of physical hardening – “Lack of physical hardening measures, allowing potential attackers to gain sensitive information that can help in a future remote attack or take local control of the device.”

Twenty years ago we never would have thought that things like this were possible! As you can see, with the right precautions, taking “normal” devices and making them “smart” can save time, money, and stress! So why not take advantage of some of the technological advancements in your office that you may not have thought of? Head over to our Facebook page @cashpractice and let us know some ways you are using the IoT in your office. 

Originally featured in the May 2020 issue of Chiropractic Economics

Check out our other articles!