Fred Potter, Netatmo (Legrand group) - A Cyber Hero by CaptainCyber
What is Netatmo?
Netatmo is the French specialist of the connected home. We are active in several categories of objects. Security objects with surveillance cameras, smoke detectors, objects related to heating in all its forms, thermostats, thermostatic valves for radiators in collective housing.
What are the cyber issues for Netatmo and its customers?
Cybersecurity issues? We have countless challenges. First of all, there is the security of the objects themselves, which must be resistant to attacks. We have the security of the processes with the way our customers use them, how they gain access to them and how they distribute access within the family. We have internal issues around the protection of the data we collect, obviously trying to collect as little as possible. We have organizational issues with customer support. We have manufacturing issues. We really have a huge range of very large cybersecurity programs within the company, since the trust that our customers place in us is an important brand asset and we have to be very professional with our experts.
What do you do concretely to protect your customers?
For cybersecurity issues, we try to do the work we do professionally and modestly, we collaborate with researchers who are looking for vulnerabilities in our products. We try to be proactive in implementing the state of the art in terms of cybersecurity. So, we try to work professionally on these subjects, modestly, but professionally because it is indeed a barrier to adoption and so we must address it. We are also quite lucky because we have a regulatory context that imposes respect for privacy with the RGPD, which is not the case with many of our Asian competitors. And so, finally, our products are compliant from the start. There are other companies that have much more transgressive practices on these subjects. And the fact that we are somewhat European at heart allows us, we hope in the long term, to create a differentiation on these subjects.
How do you see cyber protection in 5 years?
Today there are no IT security standards. IT security standards are coming. In two years, we will have adopted mandatory IT security standards, which means that in order to have the CE marking on your product today, we check that the plastics are not dangerous, we check that there is no electrical safety for the consumer. Well, we will check in 2 years, in 3 years, that a connected object complies with a minimum level of safety. And for that, we have to do the work. The requirements of the standard are hard to address. In the standard, there are 14 points, 12 of which are covered, and there are two on which we still need to make progress. So, on the security aspects, there is work to be done behind and in front of us.
What advice would you give to CAC40 companies?
You have to take it very seriously, otherwise you end up paying the wrong supplier.