Given the increase in work-from-home and virtual education needs with COVID-19, the most critical best practice from the consumer’s point of view may be adequate security and lockdown provisions for their home network, ASHB’s Privacy and Cybersecurity in the Connected Home underlines.

The abstraction of services via the connected-home network triggers the highest risk, given that it is the point of infiltration and exfiltration of data, services, credentials, and ongoing updates that involve the consumer and the extended world of service providers. Consumers can also encrypt their wireless network, choosing strong passwords and segregating trust and risk zones.

Vendors and service providers, for their part, need to ensure that adoption of key best practices begins at the product conception and planning stages and continues through the life-cycle of development, deployment, installation, and monitoring.

ASHB’s research, which was conducted by Frost & Sullivan, also highlighted that it is critical for the consumer to be satisfied with the functionality and usability of the product, without compromising security and privacy. Vendors and service providers must ensure that their solutions are secure and the infrastructure foolproof to deliver optimal functionality and ease of use to the consumer.

The research undertaken for the project revealed that consumers are willing to pay for a secure solution that does not compromise functionality and experience. But it is not only about willingness to pay. For vendors, there’s a balancing act around a few critical factors that can help drive the need to enhance security and privacy and guarantee ongoing customer satisfaction from their products and solutions.

These 6 key factors — and the steps for vendors and service providers to take — are listed here:

1. Ease of use and convenience
Educate consumers on security benefits and the importance of properly enabling devices and solutions.
2. Offering a reliable, breach-proof solution
Ensure product reliability and consistent performance; make cybersecurity mandatory; institute standards compliance.
3. Guarantee of data/device security and privacy
Educate consumers on proper security practices; ensure data and device security by adopting best practices.
4. Willingness to pay
Offer pricing models such as building services around a product; neutralize setup challenges and help justify nominal price increases.
5. Investment in cybersecurity
Provide the cost of inaction to internal teams; make cybersecurity a business responsibility directly linked to revenue heads, not costs.
6. Transferring cost to the consumer
Meet consumer expectations on secure product development and deployment; where possible, offer pricing models that help channel part of the cost to the consumer.

Considering these factors will help vendors and service providers understand (1) the level of security and privacy protection they can viably offer their consumers, and (2) the effect these will have on product convenience and consumers’ lack of trust and confidence in the products and solutions.

Efforts to minimize cybersecurity risk and reduce the vulnerabilities of products and solutions also come down to adherence to a strong set of best practices. Leading security research organizations and cyber-security product advocates have endorsed certain simple, yet effective best practices that can be adopted to minimize these risks. For consumers, that means:

  1. ensuring adequate security and lockdown provisions for the home network
  2. use of hardwired devices where possible
  3. ensuring wireless devices have push notifications to the user when offline, indicating that updates are waiting
  4. enabling automatic firmware updates
  5. mandating strong passwords
  6. sending all data to the cloud via a secure connection
  7. avoiding data storage on the device as it can be hacked
  8. ensuring all communication uses bi-directional encryption and mandating the checking of certificates at both ends
  9. using Secure Sockets Layer (SSL) pinning so the device itself is authenticated, rather than relying on the network the device is on.

Vendors and service providers, for their part, are finding it increasingly difficult to surmount the growing risk exposure. In the event of a cyber breach in the connected home, technology vendors and ISPs stand to suffer the most damage in terms of losing consumer confidence, facing potential legal ramifications, and harming their brand image and reputation over the long term. The risks to cloud service providers and third parties are not insignificant, but comparatively less, because of the nature of their business. They are less liable because they are only responsible for offering secure infrastructure for vendors to host consumer and business data. Secure transport and management of data in the cloud are the vendors’ responsibilities.

Identified best practices for vendors/service providers are:

  1. Securing infrastructure by adopting industry standards, no matter how broad
  2. Following minimum codes of conduct laid down by industry regulatory bodies (e.g., FCC codes)
  3. Considering a “carrier-based firewall” initiative that can provide a smart filter to the home network
  4. Sending and storing all data in the cloud via a secure connection
  5. Offering consumer-friendly interfaces with strong in-built security and frequent security updates
  6. Developing a resource pool qualified in handling cyber risks

Vendors apply these best practices with varying degrees of rigor and consistency, particularly when vetting cybersecurity features and privacy protection guarantees in components and applications by third parties.

Ultimately, privacy and cybersecurity are shared responsibilities, and the ASHB report proposed a measured response that industry can adopt to privacy and cybersecurity issues in the connected home. Below, find out what each of the four broad recommendations outlined by ASHB’s report entailed. The executive summary of the report is available for download, and the full report is available for purchase.

Agile response plan

Dealing with connected-home cybersecurity and privacy infringement needs agile and dynamic solutions. Ideally, vendors and service providers should adopt an enterprise-wide response plan for strengthening their cybersecurity posture, a secure system development life-cycle approach, and a privacy-by-design perspective to building solutions.

Consumer Engagement

With new technology experiences, a consumer’s needs for cybersecurity and privacy protection will continually change. Proactively reaching out to customers to assess their changing priorities, privacy concerns, and expectations is a way for vendors and service providers to maintain relevant and acceptable cybersecurity and privacy best practices that resonate with consumers.

Document best practices

It is critical to be both internally and externally prepared to address evolving cyber threats and privacy breaches that connected devices can inflict on consumers and organizations alike. Seeking expert advisory services to confirm internal policy effectiveness, soliciting external accreditations, and following a core set of best practices are important to help boost market acceptability of solutions and build consumers’ confidence.

Collective Compliance

Collaboration between industry peers is critical to ensure collective adherence to prescribed standards and guidelines on cybersecurity and privacy compliance. This will help confirm that partners and third-party integrators are fully compliant with their embedded offerings to help position a robust and secure end-to-end solution for the consumer. In addition, training, education, and policy initiatives can be led through such collaborations.