BannerSection111
Posted by Andrew Nooks

Your Home Network is Hostile!

Your Home Network is Hostile

Working from home is here to stay

I want to share with you a conversation I had recently with a friend, for the purposes of this medium I will refer to him as JT. JT works in the financial services industry and has a spouse that works in the hospitality sector. As a couple they have three children, one in middle school and two who attend different high schools. As a unit we could say they are middle to high income earners and the family enjoys the benefit of being able to afford some of the components that make up a smart home.

Devices such as Smart Tv’s, voice command and control systems (Alexa, Google-home) a smart refrigerator, smart plugs, lights, multiple mobile devices and video surveillance system that is managed by a third-party provider. All systems are connected to a single home network that was configured by an Internet Service Provider (ISP) assigned technician a couple years prior when the family first moved into their new home.

By now you would have probably figured out the challenge that JT faces today. JT has for the first time found himself working from home for an undetermined period. To ensure that JT could continue to perform work duties, JT was assigned a company device with all the expected corporate security features that can be used to connect to office resources from home. JT’s spouse is also working from home but using a personal device, the children also use personal devices to connect to respective school portals.

JT, being aware of the sensitive nature of work-related information he now had access to on a home network, had some concerns about the security of his home network. So, JT called to ask me my thoughts.

JT: Do you think my home network is secure?

Me: Well that depends on a few things. Your internet service was configured by the ISP technician more than two years ago. Have you changed the default passwords? Have you changed the default name for your Wi-Fi and if so, is it a word or phrase that will quickly identify whom it belongs to? Is your Wi-Fi network hidden or is it still publicly visible? The router or equipment from the ISPs have probably not been upgraded which would mean they are likely susceptible vulnerabilities that already exist. And if this is the case do you have an active updated firewall on all devices?

JT: I don’t think we have changed our router since we first got it I didn’t think that was necessary, but I have updated passwords and I just told my son to double check if our Wi-Fi is hidden or not.

Me: Ok well that’s not bad so far but let’s dig a bit deeper. You have three kids at home including you and your spouse so at minimum I’m counting three devices per person that’s fifteen devices plus or minus all your other smart electronics in the house. Now JT, do you know for certain how many devices are connected to your Network at any given time? Do you know what all those devices are being used for and by whom? Does your neighbour or friends or family who visits your house know your Wi-Fi password? How about you what types of sites are you visiting at home? And before you go there, I mean legitimate sites, legitimates sites that can potentially be cloned or manipulated to trick you into thinking you are still accessing a safe website. While we’re at it lets ask ourselves the question, do we even know if your home network hasn’t already been compromised and a third party already has access to your network via remote surveillance techniques?

JT: Ok, ok, ok you can stop now! I get it, my home network is probably hostile and can put my work device as well as network and systems at risk of compromise. You’ve made your point! Now tell me how I can fix it.

Me: Now while I can’t promise you that you can totally eliminate the risk there are a few things you could consider to minimize the exposure:

  • Ensure that your company devices have an effective anti-malware solution and that it has all the latest patches installed.
  • Ensure that endpoint protection is installed and properly configured otherwise ask them to configure windows firewall.
  • Be sure that you are not using a privileged account to access your device in the event that you suspect that you are already or do become compromised.
  • Use a strong password and two-factor authentication where possible.
  • At home you should change the defaults on your ISP supplied equipment and ensure that it has the latest firmware. If the device is no longer supported by the manufacturer, ask your ISP for an updated device.
  • Configure the firewall feature on your device if available; otherwise consider getting a small firewall device.
  • Segment your network: separate you Internet of Things (IoT) devices, mobile devices, game consoles, smart watches etc. create a guest network and most importantly create a segment for your sensitive work. This may take some doing and you may need the help of a qualified network technician; ask the network administrator at your office for help or to recommend someone.
  • Talk to you family about safe Internet usage; this could go a far way to limit your exposure.

Now you may not see yourself as a JT nonetheless you may know a JT, there may be many JT’s in your organization who today are unknowingly leaving very sensitive company data exposed to third parties with malicious intent. Whether you are the CEO of a company, the head of IT or the newest member of the business development team you owe it to yourself and your organization to keep your home network protected and to keep your entire team updated on the best internet usage practices available when working remotely in the digital era. 

Schedule a virtual appointment with one of our Security Consultants today to learn more.

Topics: Information Security, cybersecurity

Posted by
Andrew Nooks

Andrew is a Director with Symptai Consulting Limited, a leader in information security assurance and advisory services. Andrew’s has responsibility for Efficiency, Growth, Innovation and Disruption. He has over twenty-five (25) years of experience in information systems administration, audit and security assessments.

Comments