Security Recommendations For Remote Workers

While corporations across the world continue to expand their usage and promotion of “work-from-home” arrangements with employees and contractors, we want to ensure that everyone remembers to keep their systems and data secure while they take advantage of the increased flexibility.  In this installment, Tyson Savoretti, Senior Consultant at Audit Liaison, is going to tackle securing your home network.

Three-Points of Security Focus for Your Home Network #

Quick tips for building cyber defense into our most commonly used networks.

Set-up a Second Wireless Network in Your Home #

It is currently accepted that there are more than 7 billion Internet of Things (IoT) devices online.  IoT devices include all of our home AI-devices, security cameras, Wi-Fi enabled kitchen appliances, doorbells, smart TVs (and many more).  These devices are designed to improve the efficiency of everyday tasks and make consuming media easier and more ubiquitous.

Unfortunately, many of these devices were not designed with security in mind.  Security upgrade patches may be non-existent, or in some cases, devices may be shipped with vulnerabilities intentionally.  It has been repeatedly demonstrated that “pivoting” from one of these insecure devices to another, separate, device is possible and could mean that any device on the same network as a compromised device may also be at risk.  How do we hedge this bet?

On many Wi-Fi routers designed for home use, it is possible to set up a separate (often referred to as “Guest”) network.  It is good practice to add every IoT device on the separate network and keep your more important devices (PCs, Laptops, SmartPhone, etc.) on the primary network. Refer to your router’s documentation for instructions on spinning up this secondary network. Your internet service provider or your router’s manufacturer will have a copy of the instructions online.  Just search “how do I create a “Guest” network and ‘the name and type of your router’” online.

You don’t want to get hacked because your toaster was shipped with a vulnerability!

Change any Default Settings #

Speaking of setting up new network devices, it is highly important to protect every device with a password other than the default password that the device is shipped with.  Most routers, these days, are shipped with a password other than “password,” but often security cameras are still shipped with username: admin, password: admin.  It is trivial for even a novice hacker to scan the internet for web-facing devices and determine which devices do not have a password set-up or devices that have not had their manufacturer password changed from the default.  This means access to your security cameras, water heaters, or other insecure network devices will be accessed by strangers across the globe. Any password is better than the default!

Home Security Password Hygiene #

While we are on the subject of passwords, it is common knowledge that having a strong password is a control against unauthorized access to your environment.  In most workplaces, this is forced upon you by the IT department.  At home, you may need to act as your own IT department!  Good password hygiene includes using a strong password, of course, but it also means not using the same passwords for every device.  This inconvenience can be managed with a number of quality password manager applications and should be explored as the expense is quite low.

For fun, I encourage you to visit (Phonetically; “Have I been Pone’d?”) and use their system to determine how many times your favorite password or email have been a part of a publicly known data breach.  This knowledge should help make the inconvenience of using multiple, strong passwords more of a priority as the number of devices in own homes increase each year.  If you go with your own passwords rather than using a password manager, length is as important, perhaps even more important, than complexity.  The longer the password, the more difficult it is to break.  And please, do not store your passwords where they can be easily accessed by anyone other than you, and we do encourage you to use an encryption program for storing your sensitive data at rest.  There are numerous software packages for Apple, Microsoft and Linux laptops to encrypt your entire hard drive at rest which is a great benefit if you work from home or travel regularly.

Questions?  Please feel free to email us at [email protected].

Tyson Savoretti, CISA CEH SSCP PCI-ISA PenTest+ CySA+