HOMEOWNERS ARE JUST AS VULNERABLE to IoT-related security attacks as business owners, but they’re even less aware of it and thus even more likely to get hacked. Every MSP, integrator, VAR, and IT consultant knows that cybersecurity can no longer be ignored, but most homeowners never make the connection between cybersecurity and their smart devices. That gap creates opportunities for channel pros to address what could be a very serious problem.
Many consumers have embraced the Internet of Things without even knowing it. While a smart fridge keeps their shelves stocked and a smart coffee maker keeps their brew warm, most consumers forget that those devices communicate with each other and over the internet. That may not be a big deal when it comes to cooling milk in the fridge, but it becomes a major problem when a hacker can access their security camera, door locks, lighting, and other IoT-controlled systems.
Part of the security problem comes from how IoT devices communicate and which protocol they use. Devices that support the Z-Wave protocol, for example, “don't require Wi-Fi to communicate with each other and are known for their state-of-the-art encryption, which is why Z-Wave is used by most of the big smart lock manufacturers,” says Mark Samuel, CEO of eZLO Innovation, a manufacturer of smart home IoT products in Clifton, N.J.
Yet, standardizing on Z-Wave or any other encrypted communications protocol is only part of the solution. Failure to follow best security practices is also a concern. “One of the biggest issues with smart devices is that neophyte installers do not take security seriously enough,” says Evan J. Leonard, president of Chips Technology Group, a Syosset, N.Y.-based MSP. For example, he explains, if the installer doesn’t change the default password, a hacker could get in with minimal knowledge.
Lack of standardization is another obstacle. Many manufacturers use firmware and software developed in-house to manage their devices, and ease of use oftentimes trumps security.
For the most part, security has been an afterthought in the IoT market, which has led to bold, open source projects such as Zephyr, a Linux Foundation initiative aimed at creating a secure, real-time operating system for IoT embedded devices. Such projects need time to make an impact, however, so for now channel professionals must take the helm to protect smart homes from cybercriminals.
If you’re targeting the connected-home market today, start with these best practices:
Education: Homeowners need to be educated on the risks associated with IoT, which range from hacked devices eavesdropping on them to remotely disabled home security systems.
Inventory: Every IoT or connected smart device should be recorded, tracked, and accounted for.
Installation: Installing IoT devices should always be more than a simple plug-and-play process. Configure devices manually to ensure they’re secure and protected from external and unauthorized access. Remove all default password and account settings as well.
Management: Unified management is the key to controlling how IoT devices are used, managing how they interact with each other, and keeping them secure. A management hub enables automated updates and the identification of anomalous behavior.
Expansion: For most homeowners, smart technology adoption starts with just a device or two, such as a Nest thermostat or a Ring doorbell, and then proceeds gradually over time to alarm systems, automated lighting, voice control solutions, entertainment options, and countless other devices.
Maintenance: Keep systems patched and software updated, and manage changes to profiles, policies, and devices.
While the true revolution of the smart home is yet to come, opportunities abound for channel pros seeking to build a business model around the numerous services related to the connected home.