How ISPs can support home network security
02 Oct 2024
As dependence on home internet increases, cybersecurity threats are also on the rise. Today’s consumers face an increasing number of online security risks, from phishing to malware to data privacy. And with more content than ever available at the click of a button, parents face a heightened challenge in protecting their children from inappropriate and harmful content.
As you may be aware, Amazon takes online security, privacy, and safety very seriously, requiring that our ISP channel partners meet stringent standards. ISPs have a responsibility to help keep their customers’ networks safe, and the cost of a cybersecurity event is high. In addition to the hard cost of restoring infrastructure, customer trust is hard-earned but can quickly be lost in the event of a breach. Even for events outside of an ISP’s purview—such as a customer downloading malware that slows their computer speeds—their internet provider may be the first frustrated phone call when things appear to be out of order.
Thankfully, ISPs don’t have to bear the burden of customer network security alone. Keeping customers safe from online threats is the shared responsibility of the customer, ISPs, and eero. But there are things that ISPs can do to help protect their customers.
So, when teaming up with eero, what can ISPs do to help keep their customers safe?
1. Provide secure network devices
The first step to securing a wireless network is to ensure that the network devices are secure. By providing eero devices, ISPs are helping to ensure that their customers’ wifi is not only fast and reliable but also secure. At eero, we combine several best practices to help minimize risk and provide maximum security and stability for home network devices.
Write secure code
When developers work under tight deadlines, fail to address security issues early on, or skip quality assurance, this oversight often leads to vulnerabilities in the code that can lead to security events. eero trains its developers to screen for issues early on and avoid introducing any vulnerabilities into the code. This helps ensure that our code is optimized for our devices and secure for customers.
Built on a secure cloud
As more data gets centralized onto clouds, they become frequent targets for attacks. While it’s essential to write secure code, where and how you store your code and data is also incredibly important. We build and deploy eero software using Amazon Web Services (AWS), with industry-leading security that supports more security standards and compliance requirements than any other cloud platform. This helps protect our software and user data managed by eero.
Penetration testing
As cyberdefense mechanisms mature, hackers are becoming increasingly sophisticated. As an added precaution, we work with third-party firms to conduct penetration testing on our products to identify vulnerabilities. If a vulnerability is found, we address the risk to strengthen the security of our products. This helps ensure that we uncover and fix any vulnerabilities before they become issues.
Automatic OTA security updates
To keep our devices as secure as possible—and to introduce great new features—we are regularly deploying new firmware to our eero devices. These updates happen automatically* and over-the-air. By removing the need for manually prompted updates, eero helps ensure that eero devices are running the latest firmware, which contains the latest security updates needed to help keep customers’ networks safe.
Secure Boot
When malicious actors access networking devices, they may install code onto the devices to control or steal data from the network. To help prevent this from happening, we use Secure Boot, a security measure that prevents non-authenticated code from running on eero devices. In other words, no one but eero can run code on an eero device.
Latest security standards
In an effort to continually improve our products and customer experience, eero Labs is constantly developing and testing new solutions for home network security. One of these solutions is the implementation of Wi-Fi Protected Access 3 (WPA3) for networked devices. Using a new encryption method, SAE (Simultaneous Authentication of Equals), and MFP (Management Frame Protection), WPA3 provides protection against offline dictionary attacks and de-authentication attacks. Today, WPA3 is available to turn on in eero Labs; however, due to potential compatibility issues with older connected devices, we rely on WPA2 as a default standard.
2. Utilize powerful and secure network management tools
Beyond providing secure devices, ISPs must use powerful and secure network management tools to help protect customer data, gain better visibility into network activity, and respond quickly during a cybersecurity event. eero Insight allows ISPs to better manage customer networks by reacting swiftly to a security incident and preemptively solving customer escalations, all while providing data in a way designed to protect their consumers’ most sensitive information.
Single Sign-On (SSO)
While some hackers may find back doors into a company’s network, too often these malicious actors get in simply by obtaining login information. Logins may be acquired through a phishing scam, captured by malware on an employee’s device, or leaked by a disgruntled employee. To help ensure system security, we provide (and highly recommend using) SSO (single sign-on) for eero Insight. This helps simplify password management and improves identity protection to help ensure that the only people who access your accounts are the appropriate parties.
Role-based permissions
Not every team member needs complete access to all customer information in eero Insight. To help limit access to sensitive information to necessary parties, eero Insight has role-based permissions. Once logged in, permissions are determined by role, differentiating what people can see and do at a fleet or networking level. This protects consumers’ home networks from third-party interference—such as a Field Technician accidentally viewing or editing a customer’s network information.
Privacy by default
At every level, eero is designed with security and privacy as the default. This philosophy extends to eero Insight. Accordingly, sensitive information in eero Insight is masked by default. When someone unmasks the data manually—which is needed from time to time—audit logs will capture this activity, which Admins can then use to track any unusual activity.
Audit logs
Having visibility into the history of a network is incredibly important to resolving network issues. It is also important to identify when and where security events may have occurred. eero Insight logs and time-stamps any network changes—including actions that Support Agents may have taken. Any suspicious activities, such as a Support Agent viewing a specific network too often or unnecessarily changing settings, will be recorded and flagged, helping ISPs ensure their teams are operating to the highest standards.
Powerful network management tools
On a large-scale fleet, network issues are an inevitability. When issues do occur, ISPs require the data and tools to quickly understand and resolve network issues. eero Insight provides secure access to network information—both at a fleet level and an individual network level—and offers intuitive tools to help diagnose and resolve network issues. Furthermore, eero Insight can help ISPs identify and resolve network issues before they even escalate into problems for customers, improve customer experience, and build customer loyalty.
3. Make security simple for customers
While there is a lot that ISPs can do to help customers secure their home networks—including using secure network devices and powerful network management tools—at the end of the day, much of the power to protect their networks is in the hands of the customers. ISPs need to make home network security as simple as possible for their customers so that even those with little to no technical knowledge can successfully secure their home networks. This includes systems that are secure-by-design and easy-to-use tools to give users even more protection.
Secure by design
In order to make security accessible to everyone at all levels of tech know-how, security must be simple, intuitive, and the default. Where other network systems allow consumers to manually tweak settings, risking the possibility that the consumer will unintentionally make the network less secure, eero is secure by design and default. Because our network is already optimized for maximum security and performance, we limit users’ ability to adjust the settings that might compromise their network security. This includes the exclusion of legacy security protocols like WPS, WPA1, or WEP, all of which can create security vulnerabilities for home networks.
eero Secure for more control
For those who want even more control over their home networks, customers can enjoy even more protection through eero Secure, included for ISPs with eero for Service Providers. eero Secure provides advanced threat protection, which can be turned on or off with a single toggle. Advanced threat protection safeguards home networks from malware and phishing attacks by helping prevent users from visiting known malicious websites.
eero Secure also provides content filtering options to help users control how their family uses the internet. By creating profiles, users can block specific sites and apps and select filters for the types of content users can view based on pre-set age ranges.
eero Secure+ provides off-network protection
While eero provides excellent features to help customers secure their home networks, these features do little to protect a customer when they're not on their home network. To support customers who may need help protecting their digital devices while not on their home network, eero Secure+ provides customers access to 1Password, Malwarebytes, Encrypt.me, and DDNS. These are four great tools that increase privacy, limit exposure, and prevent malware attacks whether they're at home or on the go.
1Password
1Password is a secure password manager that auto-generates strong, unique passwords and stores them in the user’s encrypted 1Password vault. 1Password can also securely store information like credit card numbers and form data. It even tracks security breaches and alerts users to change passwords they use on recently compromised sites. Best of all, users only have to remember one password, not dozens.
Malwarebytes
Malwarebytes is a powerful antivirus software that scans, cleans, and protects devices on and off the eero network. In addition to catching and preventing threats in real-time, it detects and removes malware, viruses, spyware, and ransomware from a user’s device. On mobile devices, it also blocks fraudulent calls and texts.
Encrypt.me
By masking a consumer’s IP address and encrypting their web traffic, Encrypt.me offers VPN protection to prevent sensitive information from being exposed over public networks. Fortified against common wifi vulnerabilities, this feature allows customers to safely browse and send information while off their home network without fear of exposing details like location, identity, and other Personally Identifiable Information (PII).
DDNS
DDNS (Dynamic DNS) allows consumers to set up a static hostname to securely use their home network’s devices and content when away. They can manage DDNS via the eero mobile app for easy remote access. Besides providing the ability to access content and smart-home devices while away from home, DDNS allows users to set up a private gaming server, which they can easily share with their peers.
With cybersecurity risks growing, ISPs have a responsibility to help customers protect their home networks. As an ISP, you can protect your consumers by providing secure network devices, using powerful management tools, and empowering users to easily manage their home networks. Doing so helps ensure that customers’ networks are protected from outside cyber threats and helps foster trust between ISPs and their customers.