The Secure “Smart Home”
By: Jon Polly | Jan 07, 2021
We have entered a time where many homeowners are turning their home into a “Smart Home”. Where Kleenex and Band-Aid brand have become the call brand for facial tissue and adhesive bandages; today the “Smart Home” call brands consists of Amazon, Google, and Apple. Today we have doorbells and cameras that send video to our smartphone when packages arrive. We have virtual neighborhoods to alert us of dangers prior to its arrival at our door. We rely on smart locks to unlock the door with a digital key from our phone. A “Smart Home” is quickly becoming a way of life for many, and with a market forecast of $151.8 Billion, a very profitable business for some.
For most, there should be a concern that a “Smart Home” brings some security dilemmas. Any network attached device is now susceptible to a cyber-attack. Cybercrime Magazine reported in 2019 that 60% of all small businesses close within 6 months of a cyber-attack. Many small businesses, from Etsy to multiple employee service companies, are operated from the home. The “Smart Home” offers a network attached residence with sensors from multiple manufacturers, each potentially offering a susceptible opening to the digital world.
If the desired outcome is a “Smart Home”, security must be part of that. The following should be considered in order to make the “Smart Home” secure, and this is still not a guarantee that the homeowner won’t be the victim of a cyber-attack.
Secure the Network
In this digital age where more and more are “cutting the cord” to cable and going to streaming services, the need for higher speed bandwidth is required. Most people receive a router provided by the Internet Service Provider (ISP) that offers both hardwired and wireless networking options. Upon receiving the router, many homeowners leave the default settings in place and enjoy life. So did everyone else in the neighborhood. This leaves the door wide open to anyone trying to attack or spy on them. Most homeowners don’t believe it will happen to them. Stories of attackers using baby monitors and Nanny Cams to spy on families, or putting ransomware on a Keurig to make a person pay for a cup of coffee before it works; prove it can, and probably will happen.
The homeowner needs to take steps to secure their network. Steps to accomplish this involve purchasing a separate wireless router that the homeowner can control (ISP routers have remote access that cannot be controlled). Turn off the Wi-Fi on the ISP router and create a homeowner specific Wi-Fi. If a setting is set to default, change it. Run everything in the home through the separate router and use the ISP router as a pathway only to the network. Have a firewall, either in the wireless router or a separate router, and configure it so that data can go outbound, but the bad actors cannot come in.
The home is the safe haven and no one wants a thief inside, either through the physical door or the digital one.
Research Platforms and Devices
There are many different Internet of Things (IoT) devices to make the “Smart Home”. Most devices work with one of three platforms: Amazon’s Alexa, Google’s Nest, or Apple’s HomeKit. That being said, not every device is the same. A recent conversation with a telecommunications provider employee provided insight that they were not allowed to have either an Alexa– or Nest–enabled device in their home by corporate policy because they were not secure enough. The verdict was still out on Apple. What that means to the average homeowner is what level of security are they willing to relinquish for the comfort of the “Smart Home”? How much extra hardening of the network must be done to be secure?
Secure the Devices
Once a platform has been decided on, the homeowner begins to populate the system with devices. These devices may be bought from reputable online sources or in box stores; or they may be bought at bargain prices from unknown websites or received as gifts. The latter may become even more questionable as to security.
The first step once a “Smart Home” device is connected is to secure or harden it as best as possible. Simple things like putting on a strong password can be the best first step. Upgrade firmware if possible. Disable remote-management access. If a feature doesn’t make sense and gives an option to turn it on or off, as rule of thumb, turn it off. Read the fine print for manufacturer suggestions. Do not connect to social media. Install security software on computers in the residence and on a smartphone connected to connected devices. If possible, enable Two-Factor Authentication (2FA) to prevent prying eyes from getting in without the homeowner knowing.
The Professional Value
The “Smart Home” offers the home owner full control of their comforts. Technology companies have entered this arena to offer the Do-It-Yourself (DIY) solution: intrusion panels and wireless devices, remote central stations, network attached cameras with cloud storage, and network connected locks. The residential security provider has lost a foothold in securing the home.
While the DIY providers have made it simple for the homeowner to install and connect devices quickly and efficiently, the security provider is still the expert. The DIY offers little to no support, they offer minimal to no networking experience, and leave the homeowner vulnerable with a network security device. There is no direct customer service and no one to answer the phone when the homeowner experiences an attack.
The residential security provider brings more value over price and can create the “Smart Home”. They can provide and secure the network. They can provide and program the “Smart Home” devices. They can offer varying levels of support for either installation or troubleshooting when the homeowner gets stuck. To accomplish this, the security provider needs Cyber Liability Errors and Omissions insurance and security technician(s) with training in network hardening.
Homeowners envision a home filled with gadgets and gizmos, voice activated lights, and app–controlled devices. The “Smart Home” was the home people saw as the future. It is now, and they can have it already. The “Smart Home” brings conveniences never experienced, but it also brings security concerns. While most homeowners will lock the physical door, it is just as important to lock the digital door to the home.