How too many Home Technologists are exposing themselves to serious liability, and don’t even realize it...
Many Home Technologists have not realized the level of responsibility they inherit as soon as they provide, upgrade, or agree to manage the local network of their clients. Not only do you become responsible for the overall performance of this network, but you also bear sole responsibility for its security and potential vulnerabilities. But it’s not like you have a choice. Clearly you need to provide a solid network foundation for all of your devices to communicate reliably. Ten years ago this was no big deal, as there was only a small handful of devices to deal with. So the Home Technologist could simply provide some cheap network gear and “call it good”, leaving a lot of money on the table and exposing themselves to heavy legal responsibility along the way.
As a Home Technologist you could easily have given this part of the project to an IT company with deep experience in networking. But 99% of Home Technologists decide to handle this themselves. Just plug everything in and forget it. As long as it just “seems” to work, it’s all good, right? Wrong! An IT company would take a very different approach.
First off, they most certainly would have provided a maintenance contract. They’d certify all of the cabling before installing gear. They would bring a solid understanding of potential security issues and effective ways to prevent them. They would make sure all of the default passwords had been changed (you are doing this, right?!). They’d select a strong WiFi password and put a plan in place to change it twice a year. If the client wanted “012345” as the password, they’d make him sign a statement releasing them from responsibility for any security breach. They wouldn’t use the client’s name or street address in the SSID. They’d document firmware versions and schedule regular times to perform updates. And lastly, they would never agree to do any of this without putting in place a remote supervision system. This is how you deal with a network when it’s your job and you want to be taken seriously.
If you’re managing networks and not regularly performing every step listed above, you’re playing with fire! This isn’t about home cinema anymore. It’s about the very security and privacy that our clients hold most dear. As the IoT craze grows, a surge of cheaply made connected devices is coming online daily, exposing untold amounts of our clients’ data. Whole new criminal enterprises will begin to emerge from those looking to profit from data about what these families are doing, and when and how they are doing it. It is our job to keep them safe. As Shelly Palmer said in his CEDIA keynote, “Everything that could be connected will be connected. And everything that could be hacked will be hacked”. He expanded on this by saying “What our business is about to turn into makes the NSA look like a walk in Disneyland”.
For the moment, many Home Technologists are singing “Don’t Worry, Be Happy” because “every little thing’s gonna be alright”. Right? As a Home Technologist, do you even know if your insurance policies cover the professional liability you have inherited? What do we think will happen when the first client takes his Home Technologist to court because someone stole his data? Of course no network on Earth is 100% safe. But once this Home Technologist faces a judge, he’ll have to prove that due diligence was done and that his client was provided with all possible measures to avoid this security breach.
Our industry is sitting on a powder keg. We need clear rules and codes of conduct to be put in place immediately. The good news is that there are plenty of easy ways to ensure your clients are secure. Providing high-quality network components is just the beginning. The real security comes when you put best practices in place within your company and religiously enforce them. Simple steps like setting strong passwords and performing regular firmware updates go a very long way towards protecting your clients and minimizing your professional risk. Just ask yourself a simple question every time you touch a network: Have you done your due diligence?