Working from Home? 5 Steps to Secure Your Home Network
Written by Chris Cohen, SureCloud’s Cybersecurity Consultant
With a large amount of confidential and/or proprietary information residing on and flowing through a corporation’s network, organizations put a lot of effort into ensuring that information stays confidential and remains accessible. For example, they may utilize some form of Network Access Control (which only allows authorized devices to connect to the network), perform vulnerability scanning in-house, or have an external cybersecurity company such as SureCloud perform security testing on the corporation’s assets – this can be in the form of penetration testing. For overall coverage of cyber risks and compliance management, many businesses opt for an IT GRC software package, which combines all the tools and controls you need to maintain your security posture.
Efforts to ensure that all networks and devices are secure, and that information can only be accessed by those authorized to access it, are essential, and all of these measures are sensible and recommended best practice.
What can businesses do to stay secure during the WFH climate?
With working from home now the ‘new normal,’ that same corporation now has a distributed network that extends all the way to its employees’ home networks. These are networks that the corporation has little control over and that may be completely insecure.
While corporations cannot take control of these home networks (short of supplying employees with corporate hotspots anyway), they can advise their staff on the best steps to take to improve their home network security.
Some remote workers may have very secure home networks because the owner has invested their time and money to provide that assurance. However, this kind of home network is in the minority. Instead, we aim these five tips at the majority, who likely have a major-brand ISP-supplied wireless router with the default settings.
Top five tips for improving your home network security
1. Ensure that your wireless network uses the most secure encryption type supported by your router.
This encryption makes your communications with the router unreadable by other persons ‘sniffing’ the packets from the air. Some encryption types available have been around since the early days of wireless networks and are now easily broken. Routers may call the encryption they support by different names; the following table aims to illustrate safe and weak home wireless encryption protocols:
|Rating|Encryption setting|
|---|---|
|Safe|WPA3 or WPA2. May be labelled something like WPA2-PSK (AES) or WPA3 (AES).|
|Weak|No encryption. WEP, WPA, WPA1, WPA2 with TKIP and WPA/WPA2 or Mixed Mode.|
If there are no good encryption protocols to choose from, then be mindful that even weak encryption is better than no encryption. If this is the case, it is probably time to update your wireless router.
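Because routers label the same protocols differently, the table in tip 1 can be applied mechanically to whatever string the router or a Wi-Fi scan displays. The sketch below is an added example, not part of the original article; the function names, the SSIDs and the sample labels are constructed for illustration, and treating an unrecognised label as weak is an assumption.

```python
import re

# Tokens that make a setting weak according to the table in tip 1.
WEAK_TOKENS = {"WEP", "WPA", "WPA1", "TKIP", "MIXED", "OPEN", "NONE"}
# Longer names first so "WPA2" is not read as "WPA" followed by "2".
TOKEN_RE = re.compile(r"WPA3|WPA2|WPA1|WPA|WEP|TKIP|MIXED|OPEN|NONE")


def classify_security(label):
    """Return (verdict, reason) for a security-mode label as a router shows it."""
    tokens = set(TOKEN_RE.findall(label.upper()))
    weak = sorted(tokens & WEAK_TOKENS)
    if weak:
        # Any legacy protocol or cipher in the label drags the whole setting down,
        # which is why "WPA/WPA2 Mixed Mode" and "WPA2 (TKIP)" are both weak.
        return "weak", "contains " + ", ".join(weak)
    if tokens & {"WPA2", "WPA3"}:
        return "safe", "WPA2/WPA3 only, no TKIP or legacy fallback"
    # Assumption: an empty or unrecognised label is treated as no encryption.
    return "weak", "no recognised encryption"


def weak_networks(scan):
    """Given (ssid, label) pairs, return the SSIDs whose setting is weak."""
    return [ssid for ssid, label in scan if classify_security(label)[0] == "weak"]


# Constructed sample data: SSIDs and labels are illustrative, not a real scan.
SAMPLE_SCAN = [
    ("home-main", "WPA2-PSK (AES)"),
    ("home-new", "WPA3 (AES)"),
    ("home-old", "WPA2-PSK (TKIP)"),
    ("home-compat", "WPA/WPA2 Mixed Mode"),
    ("garage", "WEP"),
    ("guest", "Open"),
]

if __name__ == "__main__":
    for ssid, label in SAMPLE_SCAN:
        verdict, reason = classify_security(label)
        print(f"{ssid:12} {label:22} {verdict:5} {reason}")
```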
2. Secure your passwords.
Make sure that the password to your wireless network (sometimes called a Pre-Shared Key or PSK) is secure.
If an attacker can guess or brute-force the password to your wireless network by trying thousands of guesses in an automated attempt to find the correct password, then they can join it. Once joined, the attacker could search it for vulnerable devices and view the traffic from other devices on the network (excluding wireless networks using WPA3).
When choosing a password, it is good practice not to use dictionary-based words or mutations of dictionary words (e.g. SureCloud > 5ur3Cl0ud). Use as many special characters (i.e. not numerical or alpha) as possible and make the password at least 12 characters long.
Another element of keeping the password secure is knowing who has access to it and, therefore, your network. If you don’t know who exactly is connecting to your network, it’s probably time to change the password to something new.
Read my take on traditional passwords.
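The password guidance in tip 2 can be checked before a new Pre-Shared Key is set on the router. The following is an added example, not code from the original article: the substitution map and the tiny wordlist are constructed for illustration (a real check would load a full dictionary file), and it only requires one special character as a minimum, whereas the tip asks for as many as possible.

```python
# Character substitutions commonly used to disguise dictionary words,
# e.g. SureCloud > 5ur3Cl0ud. The map is illustrative, not exhaustive.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Constructed sample wordlist standing in for a real dictionary file.
SAMPLE_WORDS = {"surecloud", "password", "welcome", "router", "admin", "default"}


def fold(password):
    """Lower-case the password and undo the substitutions in LEET."""
    return password.lower().translate(LEET)


def check_psk(password, words=SAMPLE_WORDS):
    """Return a list of problems; an empty list means the tip 2 checks pass."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if all(c.isalnum() for c in password):
        problems.append("no special characters")
    # Conservative reading of the tip: flag the password if a dictionary word,
    # or a mutation of one, appears anywhere inside it, not only as the whole.
    folded = fold(password)
    if any(word in folded for word in words):
        problems.append("dictionary word or mutation")
    return problems


if __name__ == "__main__":
    # Constructed candidates, never use any of these as a real password.
    for candidate in ("5ur3Cl0ud", "5ur3Cl0ud!2024#", "k#9Vq!zT@4pLm&x2"):
        print(f"{candidate:18} {check_psk(candidate) or 'ok'}")
```

Padding a mutated word with digits and symbols fixes the length and special-character checks but not the dictionary one, which is why the second candidate is still flagged.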
3. Change the router’s default Administrator password.
The Administrator password allows a network user to access the router’s settings and change them. This tip only applies if the password is already something easily guessable, such as the name of the ISP, the name of the manufacturer of the device, ‘default’, or ‘admin’. Some modern routers use more complex default passwords, which are unnecessary to change as they are not easily guessable.
4. Make sure the firmware of your router is up to date.
Many ISP routers now do this automatically by downloading the firmware, installing it and rebooting the router in the dead of night. But not all routers will do this. You should be able to access the upgrade options by logging into the router with the Administrator password and looking for the upgrade, update, or firmware option. Consult the manufacturer or distributor of your router for instructions on how best to do this.
5. Try to make other devices on your home network as secure as your router.
This means installing updates on your computers as they come in, changing default passwords on any smart devices, ensuring that anti-virus software is running on all computers, and being cautious about what is downloaded and installed.
The FBI has recommended that Internet of Things (IoT) devices such as security cameras and smart devices are not kept on the same network as the more sensitive devices such as personal and work computers. While this is sensible advice, it’s not feasible to expect the average home worker (not a network security expert) with standard consumer networking equipment to be able to do that.
Ultimately, for organizations, it comes down to what lies in their sphere of influence. They have limited influence over a user’s home network and its security, but they can offer guidance to employees that will hopefully be listened to.
What businesses can directly control is their own equipment and procedures. Therefore, I would recommend assuming that an employee’s home network is fully untrusted and full of malicious actors while ensuring that the corporate equipment can operate securely in such an environment. To test the cybersecurity of your business network, you can embark on cybersecurity resilience testing. Alternatively, take a look at the benefits of IT GRC software.