Given the increase in work-from home and virtual education needs with COVID-19, the most critical best practice from the consumer’s point of view may be adequate security and lockdown provisions for their home network, ASHB’s Privacy and Cybersecurity in the Connected Home underlines.
The abstraction of services via the connected-home network triggers the highest risk, given that it is the point of infiltration and exfiltration of data, services, credentials, and ongoing updates that involve the consumer and the extended world of service providers. Consumers can also encrypt their wireless network, choosing strong passwords and segregating trust and risk zones.
Vendors and service providers, for their part, need to ensure that adoption of key best practices begins at the product conception and planning stages and continues through the life-cycle of development, deployment, installation, and monitoring.
ASHB’s research, which was conducted by Frost & Sullivan, also highlighted that it is critical for the consumer to be satisfied with the functionality and usability of the product, without compromising security and privacy. Vendors and service providers must ensure that their solutions are secure and the infrastructure foolproof to deliver optimal functionality and ease of use to the consumer.
The research undertaken for the project revealed that consumers are willing to pay for a secure solution that does not compromise functionality and experience. But it is not only about willingness to pay. For vendors, there’s a balancing act around a few critical factors that can help drive the need to enhance security and privacy and guarantee ongoing customer satisfaction from their products and solutions.
These 6 key factors — and the steps for vendors and services providers to take — are listed here:
Considering these factors will help vendors and service providers understand (1) the level of security and privacy protection they can viably offer their consumers, and (2) the effect these will have on product convenience and consumers’ lack of trust and confidence in the products and solutions.
Efforts to minimize cybersecurity risk and reduce the vulnerabilities of products and solutions also come down to adherence to a strong set of best practices. Leading security research organizations and cyber-security product advocates have endorsed certain simple, yet effective best practices that can be adopted to minimize these risks. For consumers, that means:
- ensuring adequate security and lockdown provisions for the home network
- use of hardwire devices where possible
- ensuring wireless devices have push notifications to the user when offline, indicating that updates are waiting
- enabling automatic firmware updates
- mandating strong passwords
- sending all data to the cloud via a secure connection
- avoiding data storage on the device as it can be hacked
- ensuring all communication uses bi-directional encryption and mandating the checking of certificates at both ends
- using secure socket layer (SSL) pinning so the device is authenticated, rather than using the network the device is on.
Vendors and service providers, for their part, are finding it increasing difficult to surmount the growing risk exposure. In the event of a cyber breach in the connected home, technology vendors and ISPs stand to suffer the most damage in terms of losing consumer confidence, facing potential legal ramification, and harming their brand image and reputation over the long term. The risks to cloud service providers and third parties is not insignificant, but comparably less, because of the nature of their business. They are less liable because they are only responsible for offering secure infrastructure for vendors to host consumer and business data. Secure transport and management of data in the cloud are the vendors’ responsibilities.
Identified best practices for vendors/service providers are:
- Securing infrastructure by adopting industry standards, no matter how broad
- Following minimum codes of conduct laid down by industry regulatory bodies (e.g., FCC codes)]
- Considering a “carrier-based firewall” initiative that can provide a smart filter to the home network
- Sending and storing all data in the cloud via a secure connection
- Offering consumer-friendly interfaces with strong in-built security and frequent security updates
- Developing a resource pool qualified in handling cyber risks
Vendors apply these best practices with varying degrees of rigor and consistency, particularly when vetting cybersecurity features and private protection guarantees in components and applications by third parties.
Ultimately, privacy and cybersecurity are shared responsibilities, and the ASHB report proposed a measured response industry can adopt to respond to privacy and cybersecurity issues in the connected home. Below, find out what each of the four broad recommendations outlined by ASHB’s report entailed, and click on this link to download the executive summary of the report or click here to purchase the full report.