Most companies sent their employees home to work in March 2020, adding to the threat vectors of cyberattacks. Employees who had never worked remotely suddenly found themselves sitting at their kitchen table trying to manage their day of work. Tasks, such as security, that were traditionally “someone else’s job” are now the responsibility of every employee. You were forced to become the cybersecurity engineer for your home network and, hopefully, had support from their employer.
Here are some tips to assist the new home-based cybersecurity engineer to protect their home network from cyberattacks.
Managing a Wireless Network
Being tethered to a home router by the length of a cord, in this case an Ethernet cable, was not practical. Having a wireless network requires some due diligence to protect your home network.
- All home wireless routers are shipped with a default administrative username/password combination, typically “admin” and a password. Although manufacturers have improved security by providing unique default usernames/password combinations, you should change them as soon as the Internet Service Provider (ISP) completes the setup. The administrative account allows you to make any configuration changes to your wireless router. You can usually find the place to change the default username and password in the advance settings of your wireless router.
- To restrict access to your wireless router, make sure to disable remote access. Although this may be easy to troubleshoot home network issues while you are traveling, it is an attack vector for those people who might have malicious intent.
Now that we have secured access to your wireless router itself, we will explore changes to protect your wireless network.
- When wireless routers are configured, they broadcast, or make visible for discovery, your network name, or Service Set Identifier (SSID). This is what is used to connect devices to your network. You should change this network to something only you will know and can remember. For example, you could use “myinternetconnection.”
- Once you have changed the name of the SSID, you should turn off broadcasting your network name. If you do not change the SSID but disable broadcasting it, I can promise you will never remember the default SSID that was configured on your wireless router.
- After changing the SSID, change the password for connecting devices. Create a strong password not easily guessed (e.g., your address or street). Remember, an attacker would need to be in range of your wireless network. Consider using an entire sentence, with punctuation (e.g., The quick brown fox jumped over the lazy dog’s tail, 47 times!).
- When you have guests visit, you should create a Guest network with a completely different password to allow your guests to take advantage of your high-speed Internet while visiting, without compromising your home network. Only you will know the name and password to connect your devices, but someone nearby will not be able to discover your network.
Once we have “hardened” access to the wireless router and network, there are a few more steps that can be taken to add protection to your home network.
- All home wireless routers should include a security system. Make sure it is enabled, which is typically done by default. The security system prevents external (e.g., Internet) traffic from getting to your internal network. Only advanced users would need to consider opening holes, referred to as ports, on their home network.
- By enabling a strong password for your wireless network, you would have, by default, enabled encryption which is typically WPA-2 for most home wireless networks. Encryption prevents attackers from being able to potentially “listen” to your home network traffic.
- There may be times where you would need to troubleshoot issues on your home network. Consider enabling logging, which will tell you where to look for issues when they occur. There are plenty of resources on the Internet that can help you decipher the technical information contained within the router logs.
- Finally, you should configure your wireless router to automatically update, which can be set to update while you sleep to avoid disruptions on your home network. You certainly would not want your wireless router to update while streaming your favorite show or sporting event. Keeping your wireless router up to date with the most recent software version will correct vulnerabilities, preventing possible unauthorized access to your home network.
Although you have a responsibility of preventing unauthorized access to your home network, your employer is not completely off the hook. While you have taken steps to protect the network, your employer should provide you with computer equipment that protects your work information. Employers should provide remote access to the corporate network through a Virtual Private Network (VPN). The VPN is encrypted and will prevent attackers from listening, or sniffing the network, for potential sensitive information.
Employers should consider restricting local administrative access to the computers they provide to prevent unauthorized software from being installed. Additionally, the employer should encrypt the computer system they provide and keep it current with security patches on the applications and Operating System. Finally, the employer should install behavior-based anti-malware, protecting against malicious programs.
This list is not meant to be an exhaustive list because there are likely more advanced options for adding security, but most should only be done if you have advanced knowledge of the possible configurations.
Larry Schwarberg
We have covered a few tips that make your home network more secure. The material covered will prevent your home network from being used for malicious purposes by unauthorized users as well as protecting your Employer’s work. This is not meant to be an exhaustive list, but a list of simple steps a user of any skill level can implement. There are more advanced options for adding security, which should only be done if you have advanced knowledge of the possible configurations. If implementing more advanced security features, I highly recommend you backup your configuration prior to making changes. If all else fails, most wireless routers come with a “restore defaults” setting, or something similar. Now you are ready to become your home network cybersecurity administrator!
Larry Schwarberg has over 25 years in Cybersecurity. He is the Vice-President of Information Security at University of Phoenix. Larry holds a Master of Science degree in Management – Information Security from Colorado Technical University. He has held positions of increasing responsibility in the finance, managed hosting, consulting, healthcare, pharmaceutical and higher education industries as well as serving on vendor security advisory councils. He has broad knowledge and experience and specializes in Identity and Access Management, Security Governance, and building cybersecurity programs. Larry has participated in speaking engagements and contributed to cybersecurity publications and articles.
The post Remote Work: Tips You and Your Employer Can Implement for Security appeared first on HR Daily Advisor.