The holidays are fast approaching so your clients are starting to think more about those packages left on their front porch or whether leaving the box that the new TV came in on the driveway is the best idea. This conversation is also coming up because of last week’s news out of South Korea; a group of unidentified hackers had recorded and distributed photo and video files from the smart home security devices of more than 700 apartment complexes. Your clients are probably also asking you to explain — and explain again — exactly how they can be assured that their home is safe from prying eyes and ears. Here are some tips to help you through that discussion.
- Your router is the first line of defense.
Anyone who has had private information stolen while working on an open network will tell you that the Wi-Fi must be protected by a strong password. That’s exactly what went wrong in South Korea; there multiple apartments in one complex often have their wall pads all connected through a single subnet. This makes the network easier to maintain but also makes it easier for hackers to infiltrate. Instead, integrators can change the Service Set Identification (SSID) — or the name of the Wi-Fi network — to make it harder to find. Then the client needs to use a good, strong password to secure that network and close it.
2. So don’t put your business laptop and your smart oven on the same network.
A 2019 FBI warning suggested that homeowners keep their most private, sensitive data on a separate system from IoT devices. Most routers allow for a secondary network for guests, which can be used for smart home devices. If your client does get hacked through a smart home device, the malware that infects the smart home device network is unlikely to infect devices on the main network.
3. Individual devices are protected by different passwords.
It might feel convenient for your client to use the same password for some of their connected devices (this is less for whole home connectivity and more for DIY devices like Alexa Echos or Nest cameras), but it’s just too easy for a hacker to slip in there if so. Instead, suggest that they use a random password generator and use a password manager to remember them all.
4. Show the client your limitations.
In 2020, an ADT home security customer found an unfamiliar email address connected to her account. This led to an internal investigation that uncovered an ADT technician who had spied for nearly five years on hundreds of customers.
Your clients definitely want to know that won’t happen to them. Some professionally monitored systems, such as Comcast and now ADT, limit the actions technicians can take while installing security systems. This might include disallowing them from adding email addresses to accounts or viewing any recordings. Whatever system you install, show the customer who exactly has administrative access to their account, and whether you have access for technical troubleshooting but not cameras.
5. Educate them on what to watch out for.
Even if their security system is being professionally monitored, homeowners like to feel like they are in the know. Make sure they know some of the red flags, such as if a security camera acting below normal performance. This might be an indicator that an attacker is trying to access the camera. (Although it could also mean the Wi-Fi is poor). Of course, any strange activity from their devices — like a voice that’s NOT Alexa taunting you through a camera or speaker and cranking up the heat, which happened recently to a Wisconsin couple — is more than likely a hacker, not a nightmare monster.
6. Maybe don’t remind your client of the above while installing their smart home system.