Dan Fulmer of Fultech Solutions in Jacksonville, Fla., knows firsthand the importance of cybersecurity. Several years ago, his mother was duped by an alleged phone caller “from Microsoft” and Fultech’s own office network was almost hacked a few years ago. In the case of his mom, Fulmer caught it in time before any bank accounts were compromised. At Fultech, the company was in the midst of installing a new server and left it up over the weekend and hackers got in. Fortunately, the network had been separated with multiple virtual local area networks (VLANs) so the attempted hack was isolated.
That personal experience is one reason Fulmer led the charge for the Consumer Technology Association’s Tech Home Division to create a Connected Home Security Checklist Tool based on CTA’s Device Security Best Practices white paper.
For CE pros, it is only a matter of time before one of their clients is targeted. Creating a set of best practices for cybersecurity not only protects your clients, but is a keen differentiator in the market and an asset to your own bottom line by reducing service calls. But where do you start with your clients?
Building Cybersecurity Awareness
In the past, integrators had to bring up cybersecurity concerns to their customers, but today there is a higher chance the client might ask about it.
“Clients are not necessarily jumping on the bandwagon demanding cybersecurity protection, but they are now starting to see some of the issues that can happen in the news regarding hacks and ransomware,” admits Fulmer.
That awareness helps spark a discussion of cybersecurity when talking about the home network.
“We set up the network in every project we do. It is a standard protocol for every network we do to include some basic element of cybersecurity. We explain to customers why they need to be wary and need to have security on their home networks, especially with smart home devices today. We can lock down the network, but there is no guarantee that little Johnny isn’t going to come home one day and plug in a gaming system that opens up more holes in the network than the client is even aware of,” says Fulmer, who received the CTA Tech Home Division's 2017 Leadership Award.
Building awareness is one of the key factors to implementing a cybersecurity program without scaring people.
“We try to give them the facts so they can have a general awareness and make better decisions, then we want to be the experts behind that decision,” says Fulmer.
Fultech works in the mid market starting with $5,000-and-higher systems. At those price points, the company starts its sales discussion with clients by talking about the home network. In the past, Fultch led with the alarm system. The good news is that Fulmer says he has not seen any customers shy away from wanting smart home technology because they are afraid of being hack.
“People realize it is just part of life today. Even cord cutters are asking for more robust networks,” he comments.
Free Cybersecurity Webinar July 19: Act Before You Are Hacked!
11 Key Areas to Secure
At Fultech, the company uses the CTA Cybersecurity Checklist to full advantage – both internally with the technicians as well as externally with customers. For the technicians, it is a guideline to help them remember what to do and what to say.
“There are a lot of things you do repeatedly that need to be implemented on the network. Things like ‘Change the password on the router, modem, every IP device, and the A/V receiver; closing ports; not leaving open the DMX port; configuring VLANs, etc.’ If you don’t have a checklist, even the best technician is going to forget some step.
“That is one of the great things about the CTA checklist – whether you carry a paper copy or reference it online – it is a reminder of what to do. At the same time, it reminds us to tell the clients exactly what we are going to do, and opens up the opportunity to explain why we do it.
The CTA Cybersecurity Checklist offers CTA members a step-by-step list of actions to undertake for multiple product areas. The 11 key areas are (the top three are REQUIRED to get any benefits from further application of the checklist tactics):
- Passwords
- Network
- Modems & Routers
- VPN
- Z-Wave
- ZigBee
- Beacons/NFC/RFID
- Bluetooth
- A/V Components (TVs/receivers, game systems)
- Home Security Devices
- Mobile Devices
“You can talk to the customer about this stuff but you have to stop when their eyes glaze over,” admits Fulmer. “If they are interested, they will ask questions and we will offer specifics. But usually we stay very broad. Once they start getting bored, you have to move on, but we find that most customers are pretty interested in the basics.”
From a competitive standpoint, Fulmer tries not to think about what other integrators might be doing.
“We are comforted in the fact that we are doing it. We inform the clients that our networks cost more because of all the protective steps we are taking, but it is well worth it because they won’t have to worry about it,” he adds.
Want to learn more? CE Pro is hosting a free webcast on cybersecurity on July 19. Sign up here.
