We are seeing an uptick in enforcement actions from the Federal Trade Commission regarding vendor cybersecurity claims. The FTC’s recent settlement with D-Link, a major vendor of networking equipment and cameras, is just the latest example (a link to the settlement agreement appears below). The FTC charged the company with “participat[ing] in deceptive acts” when the company advertised that its equipment included top-of-the-line security measures. Although D-Link will avoid paying any fines, it must fundamentally overhaul its engineering and development processes. The company must also submit to an independent third-party review of all of its development processes and code.
Vendors need to be wary of the claims they make on their sites. Superlative phrases such as “100% secure”, “unhackable”, and “top-of-the-line” security carry significant risks for the companies that use them, yet marketing people still love these phrases. At the same time, mature buyers know there is no such thing as 100% security or an unhackable device. So why bother using these phrases?