How Secure Are Your Employees’ Home Networks?

Published on 21st May 2020 Author: Rob Black

Everyone: “Rob, why don’t you deposit checks from your phone?”

Me, Pre-Pandemic: “Use the app on my phone? Are you crazy? The bank is right around the corner. It’s so easy to deposit checks there. If my phone were stolen, the attacker would have a leg up on getting my banking information. I feel safer at the bank.”

Me, Post-Pandemic: “Go to the bank? Are you crazy? My phone is right here in my pocket. If I go to the bank, I have to touch all of the buttons on the ATM. I feel safer at home.”

In case you hadn’t notice, times have changed. No more so than in the way business is being conducted. Anyone who can work from home, is. Which means there is a lot of data — much of it confidential — passing back and forth among your employees, customers, vendors and others.

Changing Risk Models

Over the past several weeks, we have had many interesting conversations with our clients regarding their corporate networks. In short, there is extraordinarily little data on them.

All the laptops have left the building and, other than some manufacturing operations and other need-specific uses, it’s mostly just a bunch of lonely printers wondering where everybody went in such a hurry.

And yet, despite the huge shift in data traffic from internal networks to home networks, we continue to see a focus among our clients’ customers on the former, as they remain primarily concerned with internal cybersecurity compliance.

Of course, security of the corporate network is still important. But the risk model has changed dramatically over the past couple of months. Better questions (and ones we hear from our clients, if not yet the compliance departments of their large customers) include:

How secure are our employees’ home networks?
How do we protect against whatever younger children and teenagers may be doing?
How insulated are the laptops that we issue?
Is it okay for employees to use their personal computers for corporate work? (I’ll answer that one here: “No.”)

Of course, there is a lot of “it depends” in the answers to these and other security-related questions. That said, here are five of the best things you can do to secure your data in our new, work-from-home world:

#1. Maximize encryption. Hopefully, most businesspeople are aware by now of the dangers of free Wi-Fi in a coffee shop, hotel room, or other public place. But the network in your home, if left unencrypted, is just as vulnerable to the prying eyes of a hacker in the apartment next door or in a car parked across the street.

Encryption, while not perfect, guards against all that. There are several types and they are steadily getting better, but at a minimum, your employees should be using something called WPA2 (WPA3 is even better, but not yet universally available).

#2. Update your router’s firmware. A router, like your computer, has software running inside of it (“firmware”). This needs to be updated regularly to ensure maximum protection. Some routers update on their own, automatically. Others need this done manually. You can learn more about keeping your router up to date, here.

#3. Change your router’s password. Every router comes with a default administrative username and password. In most cases, it’s printed on the side of the device. That’s convenient, but it also means that unless you built it yourself in the basement, somebody(s) else may have access to that username/password combination.

Change both of these and keep them in a secure location (like your password manager).

#4. Set up a guest network. This is exactly as the name suggests: a network intended specifically for guests in your home. Absent one of these, you’ll need to share your network password with every friend, relative, neighbor, cable technician, etc., who comes by and asks to jump on.

This type of network promiscuity can lead to the inadvertent introduction of malware and viruses into your home, as well as infiltration by bad actors.

#5. Keep all devices up to date. Most home networks have several devices connected to them in addition to computers — things like printers, smart TVs, game consoles, electronic picture frames and, of course, our scary friend Alexa and her counterparts.

In addition to removing those you no longer use, and putting those you still do on your guest network, these need to be kept up to date (“patched”) in order to help the network stay secure.

Final Thoughts

Telecommuting has been around for a long time. Decades, actually. But today, with so many of us working from home and so many laptops and other devices tossed into the mix, it’s vital that deliberate steps be taken to ensure the safety of our data.

Does all this seem like a lot of work? Maybe. But it’s nothing compared to the time, effort and cost of recovering from a security breech.

Now if you’ll excuse me, I’m off to the bank to deposit some checks. Oh wait, I stopped doing that…

To receive more great cybersecurity content for business leaders, sign up for our monthly newsletter: https://fractionalciso.com/newsletter/

Rob Black, CISSP

Rob founded Fractional CISO in 2017 and has helped dozens of companies improve their security posture as a vCISO. He consults, speaks, and writes on IoT and security. Rob has held product security and corporate security leadership positions at PTC ThingWorx, Axeda and RSA Security. He received his MBA from the Kellogg School of Management and holds two Bachelor of Science degrees from Washington University in St. Louis in Computer Science and System Science and Engineering. He is also a Certified Information Systems Security Professional (CISSP).