Navigating Smart Home Data Security Concerns

Smart homes are no longer science fiction. But many consumers are slow to adopt. They're worried about smart home data security breaches—and rightly so.

Photo of a hacker and a smart home doorbell

The connected homes and buildings that were once considered science fiction are finally seeing the light of day. However, now that a connected future is here, consumers are slow to adopt the technology and skeptical about the devices furnishing their surroundings. In many cases, they are worried about smart home data security—and rightly so.

Consumers become warier about smart home data security with every breach. When you consider the frequency of data breaches around the world—be they at a credit card company, a store or a website—it’s easy to understand that consumers have plenty of cause for data security concerns.

Data breaches are becoming frequent. Gemalto Security’s Breach Level Index reports that the total number of records breached every second, minute, day and hour nearly doubled from 2016 to 2017. It also estimates that more than 9.7 billion records have been lost or stolen in the last five years.

Improper Data Use Looms Over the Internet of Things

In addition to data breaches, there are also instances of improper data use. Earlier in 2018, Facebook was involved in a controversy related to how Cambridge Analytica obtained, used, and allegedly retained information about 87 million Facebook users, according to CNBC. Considering the massive amounts of data received by the platform, it’s easy to understand consumers’ concern.

In light of all of this, some consumers are approaching connected devices with extra caution—especially when data-collecting technologies pervade every nook and cranny of our daily lives: work and play alike. Before consumers bring these smart devices into their homes, they want to ensure their personal information and data will be secure. In addition, they want to feel confident that Wi-Fi enabled devices—e.g., smart thermostats or security cameras—won’t inadvertently give malicious actors easy access to their homes. The IoT revolution comes with risks—but risks we can address.

Solution Providers Respond to Smart Home Data Security Concerns

Recent events also have changed the way manufacturers think about collecting data from consumers. In Jabil’s 2018 Connected Home and Building Technology Trends Survey, 69 percent of participants noted that the recent focus on data privacy has made them rethink their plans to collect and use data from smart devices. This trend was even stronger for companies that manufacture connected devices for consumer use, probably because both recent events dealt with consumer information.

The European Union’s (EU) General Data Protection Regulation (GDPR), which took effect in May 2018, requires all companies that do business online with or market to individuals in the EU to take extra steps to protect users’ personal information. At its core, the regulation requires companies to:

  • Explain what user data will be collected and how it will be used
  • Require individuals to give clear consent to have their data collected
  • Allow individuals to submit requests to have their data deleted
  • Safeguard any collected data and promptly notify users of data breaches

Although the rule was created by the EU, it applies to all companies around the world that are trying to connect with people in the EU.

In response to these events, of those solution providers rethinking plans to collect and use data, 55 percent said they will monitor market sentiments to understand what their consumers find acceptable when it comes to data security. Sixty-two percent said they will be more careful about rules and regulations governing data security and privacy.

Although the GDPR has furthered the discussion about data privacy, no additional regulations have been enacted yet. Most countries do not have any regulations guiding the Internet of Things (IoT) or protecting consumer data. In the U.S., there are some guidelines for how a connected device should be designed, but there are no mandates to follow these guidelines. However, considering the growing number of data security issues, governments worldwide could conceivably choose to step in and add regulations to protect consumers.

Designing Connected Home and Building Solutions with Data Security in Mind

Due to the fact that there are currently no minimum requirements for smart devices, there isn’t a standard of implementing cybersecurity into these devices. Many manufacturers approach cybersecurity from a cost and value perspective. If the cost of adding a data security chip outweighs the value the company will gain for the added feature, the designer will not add it to the product. Similarly, if the end-user is not willing to pay more for a high-security device, the manufacturer does not stand to financially gain very much from incorporating extra cybersecurity protocols. Clearly, we need to develop better standards for smart home data security protocols.

One less costly security option that we’re experimenting with at Jabil is using digital authentication certificates. This method does not add a hardware cost to the product. Instead, these certificates are codes that you can inject into the products at the factory-level during production. The codes digitally certify the products and create a secure link with the receiving end.

As the IoT market evolves and more consumers are willing to convert to connected homes, market demand for cybersecurity features will undoubtedly increase, which will give manufacturers the justification they need to build more secure products.

Collecting Data Presents New Business Opportunities

Despite its risks and challenges, data collection can be beneficial to both solution providers and consumers. Nearly 60 percent of Jabil survey respondents said they plan to use collected data to identify and solve problems with devices and connectivity. More than half plan to use it to understand user behavior and guide product development, while 45 percent will use it to provide reports to end-users. In these cases, data collection will beget better user experiences.

Data collection goes beyond improving user experiences. Device manufacturers also see opportunities to use data to build new revenue streams:

  • 34 percent of participants plan to connect the big data to retailer databases for cross-selling and cross-branding opportunities
  • 31 percent want to use the information for marketing and thought leadership insights
  • 25 percent plan to sell the data to determine supply and demand trends

These strategies also have some value for consumers. For example, a smart refrigerator participating in a cross-selling program could remind a consumer that they are running low on milk and offer coupons or advertisements for sales at local stores. This adds a level of convenience for the consumer.

However, if brands plan to share and sell consumer data, it’s important to make the consumer aware of how their data will be used. According to a 2018 survey of 2,000 U.S. consumers by enterprise technology provider Ooma, 72 percent of people who already have smart home data security systems worry their providers will use the devices to invade their privacy. Manufacturers could take a page from the GDPR and include clear, easy-to-understand terms and conditions with their connected home and building solutions that explain the risks and benefits of the device’s data collection approach. This can help build greater trust between users and the device, plus help the users better enjoy the convenience the system provides.

Data Security Begins at Collection

When asked about their plans, 99 percent of solution providers agree that their products will collect data. However, there is no consensus on where this data will be stored. About two-thirds plan to store the data on the connected device itself, which is the most frequently reported form of data collection. But it’s also common for the data to be collected in the cloud, in on-premises infrastructure or on a local device such as a smartphone or laptop. Solution providers will need to take the necessary steps to ensure data is secure and private—no matter where it’s housed.

There are always going to be skeptics who choose to opt out of the latest smart devices for privacy reasons, fearing smart home or smartphone data security breaches, but it’s unlikely that these individuals will be in the majority. If you think back 10 years ago before Facebook really rose in popularity, most consumers would not have been comfortable telling people that they are away from home and staying at a certain hotel. Now, there are 70 billion transactions happening on it every day. This has changed the way people interact with the world and made them more comfortable sharing their world with close friends, acquaintances, and even strangers. In just a few short years, more consumers will be accustomed to connected devices in their homes as well. Smart home data security is definitely a major concern, but it’s an issue we can navigate collectively as change-makers.

Written by Sam Salem, Senior Director – Technology and Strategic Development, Connected Consumer Technologies, Jabil.

Jabil (NYSE: JBL) is a manufacturing solutions provider with over 260,000 employees across 100 locations in 30 countries. The world's leading brands rely on Jabil's unmatched breadth and depth of end-market experience, technical and design capabil...
Jabil (NYSE: JBL) is a manufacturing solutions provider with over 260,000 employees across 100 locations in 30 countries. The world's leading brands rely on Jabil's unmatched breadth and depth of end-market experience, technical and design capabil...