As the workplace has been brought into our homes, many SMB’s tend to overlook a critical component: the security of employee devices at home. Some businesses have a BYOD (bring your own device) policy, while others have chosen to supply their teams with designated “work only” technology. We think of our homes as a safe space, but that doesn’t necessarily apply when it comes to the cyber world. Threat protection for remote workers is vital!
“Security cannot remain a secondary thought, and it was quickly understood that remote working led to new security challenges. The concept of “Bring Your Own Device” was in full bloom – maybe “Use Your Own Device” is more accurate given that no one has been bringing anything anywhere. In a post during the early “lockdown” days, Cisco’s Ben Nahorney outlined some of the more salient security challenges of this new mode of working, including the need to secure the endpoint, set policies around sanctioned software, secure network connections, and of course, increase scam awareness.” Cisco
Bad actors have taken advantage of the pandemic as an opportunity to target small businesses and large enterprises alike by attacking unsuspecting remote workers. Has your company taught employees the best work from home cybersecurity practices, to protect not only your SMB but also their personal data? Do your remote teams know how to check up on their home network security and strengthen it if necessary?
We take endpoint security very seriously when it comes to the CN team and our clients! That’s why Computers Nationwide is sharing expert tips for protecting work devices at home…
You may be wondering “What is home network security and why should I care?”
These are great questions! According to CISA: “Home network security refers to the protection of a network that connects devices—such as routers, computers, smartphones, and Wi-Fi-enabled baby monitors and cameras—to each other and to the internet within a home. Many home users share two common misconceptions about the security of their networks:
- Their home network is too small to be at risk of a cyberattack.
- Their devices are “secure enough” right out of the box.
Most attacks are not personal in nature and can occur on any type of network—big or small, home or business. If a network connects to the internet, it is inherently more vulnerable and susceptible to outside threats.”
Our partners at Cisco have released a study that highlights the effects of COVID-19, importance of improved cybersecurity efforts for remote workers, and the need for continued digital transformation now and post-COVID:
Top cybersecurity challenges reported by organizations supporting remote work: Secure access, defined as the ability to securely enable access to the enterprise network and applications for any user, from any device, at any time, is the top cybersecurity challenge faced by the largest proportion of organizations (62%) when supporting remote workers. Other concerns raised by organizations globally include data privacy (55%), which has implications for the overall security posture, and maintaining control and enforcing policies (50%).
Protecting an increasing number of endpoints: Securing devices is a growing challenge for organizations now unable to rely on connecting endpoints to campus networks for visibility and pushing updates. At the same time, employees are connecting to corporate resources with more personal, unmanaged devices, creating a blind spot for security teams. One in two respondents stated that office laptops/desktops (56%) and personal devices (54%) are a challenge to protect in a remote environment. This was followed by customer information and cloud applications both at 46%.
Organizations forced to accelerate digital transformation: While many organizations had begun their transitions to become cloud-first and remote-first even before the pandemic, this is a process that requires significant time and investment. The practically overnight move to a distributed workforce highlighted just how far many organizations still needed to go in their journeys. Globally, respondents reported to either be somewhat prepared (53%) or not prepared (6%) to make the accelerated transition to a remote work environment at the outset of COVID-19.
Take a look at some of CN’s favorite tips for securing work devices at home…
Our partners at Barracuda share the following practices:
Secure the Wi-Fi network: Many home wireless networks are secured with simple passwords, such as an address, family name, or favorite sports team. If your wireless is compromised, a criminal can use it to examine your network for other weak spots. Depending on what he finds, he could store malicious applications on your network, use your internet connection for illegal activities, or add your smart devices to a botnet. Use a complex password and any other mechanism you can to protect your wireless networks.
Know your applications: Most smart devices are supported by a mobile application. If your mobile phone is running a rogue or compromised application, your smart device could be feeding information to a third party. Check your app permissions and delete what you don’t need or no longer use. Only download apps from trusted vendors and sources and use either native or trusted third-party mobile phone security that can protect your device from these threats.
Beware of social media: It may not seem like it, but Google and social media sites can help criminals compromise your home and workplace devices. The internet is a gold mine for information about both you and your company, and you should do your best to manage what is being published to what audience. Privacy settings will help you control who can see what you are posting and what your device may be sharing such as your physical location. While it may be fun to meet and connect with new people, sticking to people you know and trust is always the more secure option. Even your trusted friends and family can make mistakes ,though, so let them know if they’re sharing too much information about you.
Here’s what the CISA recommends for improving home network security:
Update your software regularly: Regular software updates are one of the most effective steps you can take to improve the overall cybersecurity posture of your home networks and systems. Besides adding new features and functionality, software updates often include critical patches and security fixes for newly discovered threats and vulnerabilities. Most modern software applications will automatically check for newly released updates. If automated updates are not available, consider purchasing a software program that identifies and centrally manages all installed software updates. (See Understanding Patches and Software Updates.)
Change default log-in passwords and usernames: Most network devices are pre-configured with default administrator passwords to simplify setup. These default credentials are not secure—they may be readily available on the internet, or may even be physically labeled on the device itself. Leaving these unchanged creates opportunities for malicious cyber actors to gain unauthorized access to information, install malicious software, and cause other problems.
Install firewalls on network devices: In addition to a network firewall, consider installing a firewall on all computers connected to your network. Often referred to as host- or software-based, these firewalls inspect and filter a computer’s inbound and outbound network traffic based on a predetermined policy or set of rules. Most modern Windows and Linux operating systems come with a built-in, customizable, and feature-rich firewall. Additionally, most vendors bundle their antivirus software with additional security features such as parental controls, email protection, and malicious websites blocking.
Run up-to-date antivirus software: A reputable antivirus software application is an important protective measure against known malicious threats. It can automatically detect, quarantine, and remove various types of malware, such as viruses, worms, and ransomware. Many antivirus solutions are extremely easy to install and intuitive to use. CISA recommends that all computers and mobile devices on your home network run antivirus software. Additionally, be sure to enable automatic virus definition updates to ensure maximum protection against the latest threats.
Regularly back up your data: Make and store—using either external media or a cloud-based service—regular backup copies of all valuable information residing on your device. Consider using a third-party backup application, which can simplify and automate the process. Be sure to encrypt your backup to protect the confidentiality and integrity of your information. Data backups are crucial to minimize the impact if that data is lost, corrupted, infected, or stolen.
Mitigate Email Threats: Phishing emails continue to be one of the most common initial attack vectors employed by for malware delivery and credential harvesting. Attacking the human element—considered the weakest component in every network—continues to be extremely effective. To infect a system, the attacker simply has to persuade a user to click on a link or open an attachment. The good news is that there are many indicators that you can use to quickly identify a phishing email. The best defense against these attacks is to become an educated and cautious user and familiarize yourself with the most common elements of a phishing attack.
“While over 70 percent of global employees work remotely at least once per week and full-time remote workers are increasingly common, there are still aren’t a lot of resources that help address the cybersecurity risk introduced by remote work. In the past, workplaces that weren’t set up to work remotely, simply didn’t. However, the coronavirus pandemic and resulting lockdown of many countries mean that many organizations and their employees are now in the unfamiliar territory of full-time working from home (WFH).
Business continuity planning means that we now need to find ways to protect our customer’s sensitive data while allowing for location flexibility. There is a lot that can be done at an infrastructure level and an individual level to keep customer data secure, but the truth is your company’s confidential information is only as secure as the weakest link.” Upguard