Just as a business continuity plan helps a company continue operations when problems arise, a residential continuity plan (RCP) can do the same for the systems in a home.
Business continuity planning is defined by Investopedia as “the process involved in creating a system of prevention and recovery from potential threats to a company.” The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster. Investopedia further states that “business continuity planning involves defining any and all risks that can affect the company’s operations, making it an important part of the organization’s risk management strategy.”
In a typical home, creating an RCP may seem like overkill. If a light switch stops working, there is little impact to the people in a home. Any electrician can rectify the situation in very short order. On the other hand, while a smart home can provide tremendous convenience, energy savings, and additional safety features for a family, it also adds risks that should be mitigated through proper planning.
Residential continuity planning can assure a smart home is reliable and will service a family for years to come. It can mitigate the risks that come with the added convenience and safety provided by smart home systems. However, the process of creating a plan, especially for a complex, highly integrated, home, may require the assistance of a professional integrator.
The primary risks to a smart home, as I see them are a lack of proper network security, power problems, equipment failures, software updates, loss of internet access and or third-party service integration, lack of physical security for break-in/fire/water leaks, and lack of computer file backups.
Zero Trust Network Security
Network security is a foundation of an RCP as it can impact so many other areas of a home if it is compromised. The best approach to network security is Zero Trust, which is a security concept that requires that all devices connected to a network should not be trusted by default. The primary aim of Zero Trust is to prevent unauthorized access to information or systems on a network.
Traditionally, companies assumed that systems outside the firewall (on the internet) cannot be trusted, but systems inside the network (behind the firewall) could. This assumption no longer holds true in the age of ransomware, where an infected system on a private network can compromise other systems on the same network. A good Zero Trust implementation should help prevent such compromise.
Zero Trust is a security principle, so unfortunately there is no single product that can help anyone achieve it. An RCP that incorporates Zero Trust requires a combination of technologies and security practices. Because new systems are usually added to a network and may require new security safeguards, Zero Trust is really a journey, rather than a destination.
Today, the typical home has computers, tablets, and mobile phones, all connected to the same home Wi-Fi network. In addition, a smart home will have some combination of connected home appliances, streaming devices, security cameras, baby monitors, smart speakers with a built-in voice assistant, smart home processor/hub, smart light switches, and smart thermostats.
Homes are connected more than ever and, in some cases, have even more connected systems from different manufacturers than some commercial businesses. With so much connected to a single Wi-Fi network, a compromise of one device can lead to theft of critical family data (files, financial information, pictures, and videos) and a loss of privacy. The FBI recently warned of cases where a hacker has compromised a security camera in a home, contacted the police with a bogus emergency, and watched the chaos unfold as a SWAT team arrived.
An RCP that includes a Zero Trust implementation for the home can help prevent this. Zero Trust for the home can be achieved with a combination of technologies and good security practices, by combining security basics with existing technologies at home.
Start by categorizing connected devices at home into computers and smart home devices. Computers (including tablets and phones) are typically highly interactive systems and can be used to connect to just about any available system on the internet (including bad ones). Smart home devices (including appliances, cameras, etc.) typically connect back to the vendor’s cloud, for management and updates. Your Zero Trust implementation can only be as good as technologies that you have available and the practices that you follow.
Home Router Security
The home router may be supplied by the internet service provider (ISP), purchased at a big box store and installed by the homeowner, or installed by a professional smart home integrator. Make sure that login access to the router is configured to require a very strong password to view and make any changes. If applicable, make sure it is configured to disallow management over the internet.
Configuring a Home Firewall
The home firewall is typically integrated with the home’s router. Make sure that it is configured for the highest level of security possible on the firewall. A high level of security will typically ensure that no inbound ports are open on the firewall. If possible and applicable to your environment, restrict all outbound ports to 80 and 443. These are typically the only two ports required to connect to internet and cloud services. Smart home devices may require additional outbound ports to be open.
Many firewalls include logs that record all activities. Always enable this feature if your home firewall has it.
Wi-Fi Network Security
The home Wi-Fi is typically integrated with the home’s router. Depending on the size of the home, there may also be additional mesh network nodes or access points that extend Wi-Fi coverage. Make sure that the SSID (wireless network name) requires a very strong password for device connection. If there is a guest network, make sure it requires a very strong password, as well.
If the option is available on your Wi-Fi system to create multiple wireless networks, consider creating different networks for different groups of devices on your network to isolate each group. For example, put all your cameras on one network, baby monitors on a different network, TVs and streaming devices on another network, etc. In many cases, mobile phones and tablets need to be on the same network as some devices – like streaming devices – to control them.
If your Wi-Fi system allows, configure it to use an external DNS that can block access to malicious websites. This improves web surfing security for all systems on your network, including blocking your smart home devices from connecting to bad sites.
If your home Wi-Fi has a log, please enable it to track and log activities on the network. This allows you to review activities on your network as required.
Do not allow guests to connect their devices to your home network. Only provide them with access to the router’s guest network
Securing Smart Home Devices
For all smart home devices, make sure that each is set with a very strong, unique password that is not easy to guess. Never use a default password set by the vendor.
For all devices that support multi-factor authentication (MFA) – such as some cloud-managed security cameras – make sure to enable this feature. Enabling MFA on a cloud-managed security camera makes it improbable that someone will hack the camera to spy.
Computers, Tablets, and Mobile Device Security
For all computers on the home network, make sure that they all require very strong password to login. For all tablets and mobile phones, make sure they all require a PIN. Ensure computing devices auto-lock when not in use.
Confirm that all computer systems have active anti-virus and anti-spyware software that are regularly patched.
For email, make sure that your provider includes anti-malware software.
The above processes, when followed diligently, will get a home network closer to Zero Trust.
Minimizing Power Problems
Power problems not only can leave any home in the dark, but they can damage sensitive electronic equipment that is the core of a smart home. While damage that a power surge can cause is fairly obvious, a brownout can also damage expensive electronics.
As part of an RCP, the risk of power issues damaging a home should be mitigated. A backup generator can provide power during blackouts. However, they are expensive and may only be justifiable for those who live in rural areas, live in an area with unreliable power and are subject to frequent blackouts, or live in an area where the loss of power can have catastrophic consequences such as in very cold climates.
Even if a generator isn’t needed, critical computer equipment, including smart home processors/hubs, should be protected with an uninterruptible power supply (UPS). Preferably the UPS should include automatic voltage regulation (AVR) technology to help protect the attached equipment from voltage variances.
While a UPS will also protect the components plugged into it from power surges, it is a good idea to protect the remainder of the electronics in a home using a whole-house surge protector. These should be installed by an electrician.
The creation of an RCP should include the choice of the correct UPS(s) and surge suppressor. It requires careful planning to choose models with correct capacity to meet the power needs of the home and the equipment being protected. Backup generators are expensive and may not be required for every smart home. The risks and benefits need to be explored to decide whether the purchase of a generator is necessary.
Planning for Smart Home Equipment Failures
One of Benjamin Franklin’s many oft-quoted lines is, “In this world nothing can be said to be certain, except death and taxes.” If he were alive today, he might have included “equipment failures” in that famous quote. While buying expensive, high-quality equipment may postpone the inevitable, trying to save a buck by purchasing a cheap, low-quality, product will just mean that the need to purchase replacements will come that much sooner. That isn’t to say there isn’t a middle ground where long lasting, good quality, equipment can be found for a reasonable price. For example, how many people still have a working VHS player stuck in a closet or basement?
Two types of components seem to be prone to failure: power supplies (especially the small plug-in ones that so many manufacturers use today) and devices with moving parts, such as fans, solenoids, and hard disc drives.
A good RCP will include purchasing spares of items that are either prone to failure or are critical to the operation of the smart home. A good schematic that shows the relationship between all the components in the smart home can help identify the critical components.
It can be prohibitively expensive to purchase some spare parts. For example, a large video matrix switcher used to distribute video throughout a home can be a very expensive item. However, simply providing a local cable box, satellite receiver, or streaming media player at the primary TV in a house will allow a family to continue watching TV even if the video switcher, or even the smart home processor/hub, fails.
With this approach, it is also important to make sure that the manufacturer’s remote controls for the TV and all the peripheral devices are also available. This highlights the importance of planning for failures and not just trying to deal with them when they inevitably occur.
Similarly, through residential continuity planning, make sure that all critical systems, such as the HVAC system in a tightly integrated home, can operate without the overall smart home system being operational. Something unforeseen could occur that, for example, makes it impossible for the homeowners to operate the HVAC system through their smart phones, tablets, or dedicated touch panels. In this case, there should be a backup way to operate the HVAC system so there is no risk of pipes bursting in the middle of the winter or the family having to swelter in the middle of a summer heat wave.
Managing Software Updates
Life used to be simpler. Computers were standalone devices. Nobody had considered breaking into computer systems (other than possibly those at a bank). And, there were no automatic, forced updates that would take place out of a user’s control. Unfortunately, that isn’t the world we live in today.
Software updates have become a necessary evil. We live in dangerous times, and hackers are continuously trying to break into computer systems. And, while you may think that you aren’t a target, everyone is. Back in 2016, a botnet of security cameras was created to perform a distributed denial of service (DDos) attack that crippled Dyn, a domain registration service. If you aren’t keeping the IoT devices, including all your smart home devices, up to date with the latest security patches then you are placing your own home and others on the internet at risk.
There is a downside to applying updates to all your computer systems. As these systems have become more sophisticated and complex, the chance of a software update having the unintended consequence of breaking features you rely on has increased. This has led to two possible strategies for applying updates:
- Being up to date is always better and you should always install all updates.
- If it isn’t broken, don’t fix it. Only install updates that patch security vulnerabilities or one that fixes a problem you are experiencing.
While both of these approaches are valid, option two comes with its own risks. Today, many updates include security patches that fix vulnerabilities in a system that if left un-patched could be exploited by hackers. If you don’t want to always keep your systems up to date, then you need to rigorously review the release notes that most manufacturers publish with each update to make sure there aren’t security issues being addressed by the update.
Finally, you should also be aware that if you call a manufacturer for support because you are having problems with a product, the first question you are going to be asked is whether the software is up to date.
Internet Access and Third-Party Service Integration
A reliable internet connection is becoming more and more critical for any home, not just smart homes. To assure continuous access to the internet, most businesses will use special routers that have two WAN ports and pay for two ISPs. Should one ISP have a service interruption, then the router will automatically route all internet traffic to the second ISP. Unfortunately, dual WAN port routers are typically expensive, they require advanced skills to configure, and there is the additional cost of maintaining service from two ISPs.
The development of an RCP can work through whether a dual WAN port router is a justifiable expense for a family. If it isn’t there, there is an alternative that can help a family through the rare situation when their internet goes down: using a cell phone as a Wi-Fi hotspot.
When using a cell phone as a Wi-Fi hotspot, it is easy to connect laptops and anything that includes a Wi-Fi radio to the internet. It will be more challenging to connect devices that only have a wired Ethernet connection. Creating the RCP will provide the planning needed to determine the best way to get all critical equipment back online.
Physical Security – Break-in/Fire/Water Leak
Just like other valuable assets in a home, the automation system is subject to theft, damage from fire, and damage from a water leak. Proper planning can mitigate these risks.
There is real value in integrating a security system with the other systems in a smart home (lighting, control, HVAC control, etc) to help protect the homeowners and other occupants of the home. The following can keep both the people in the home and the smart home equipment safe during a break in and fire:
- Turning on interior lights to allow people to quickly exit the home
- Flashing exterior lights to help first responders to quickly locate the home
- Sounding an interior siren to alert the people in the home
- Opening motorized shades and unlocking doors to make it easier for people to exit and first responders to enter
- Using a monitoring service to assure help comes quickly
There are additional precautions that can be taken to protect smart home equipment:
- Hide the equipment in a closet or locked room so it is difficult to find
- Assure that equipment is in a location that is safe from water leaks
- Install smoke and heat detectors with the smart home equipment as any piece of electronic equipment, under the right circumstances, can cause a fire
- Place a fire extinguisher near the equipment that is safe to use on electronics
Proper planning can minimize the damage should security issues arise.
Computer File Backups
Backups are an important part of an RCP. Most people understand the need to backup their computers. Hard drives only have a limited life, and nobody wants to lose their documents, photos, financial information, etc. Network attached storage, also referred to as a NAS drive, is an inexpensive solution for backing up multiple computers. Multiple hard disc drives can be installed in most NAS drives so even if one drive fails, the other drives will take over and no data is lost.
However, in addition to a local backup, all your data should be backed up outside your home in case of a fire, flood, or other disaster that might destroy both your computers and your NAS drive. Cloud services such as Google Drive, OneDrive, iCloud, and Dropbox are all reasonable choices for off-site backups.
But, with a smart home, more needs to be done. There are many IoT devices in a home that require special settings, and they should be saved so you don’t have to figure them out all over again if the device requires replacement or a problem occurs that requires restoring the device to its factory configuration. For example, if you have a router problem, you should be able to reset your router and quickly restore the previous settings in just a few minutes.
Many IoT devices provide a way of saving their settings to a file on a local computer. If an IoT device doesn’t include this functionality, then the second choice is to simply write down the settings and put them where they won’t get lost. This can either be done electronically or manually on a piece of paper.
At first glance, the best approach would seem to be using a device’s built-in functionality to save its settings. Unfortunately, if your router breaks after it is out of warranty, and you have to purchase a replacement, the new router will probably not be able to load the data file saved by the original router. Now, you are forced to re-create the settings on the new router from scratch. So, saving the settings in a document, or simply on paper, can be the better choice, in some circumstances. What will work best, in your specific circumstances, requires thought and planning. What is most important is that there is a plan for backing up critical systems and that the plan is rigorously followed.