Most companies sent their employees home to work in March 2020, adding to the threat vectors of cyberattacks. Employees who had never worked remotely suddenly found themselves sitting at their kitchen table trying to manage their day of work. Tasks like security that were traditionally “someone else’s job” were now the responsibility of every employee. You were forced to become the cybersecurity engineer for your home network and, hopefully, had support from your employer.
Here are some tips to assist the new home-based cybersecurity engineers to protect their home network from cyberattacks.
Managing a Wireless Network
Being tethered to a home router by the length of a cord—in this case an Ethernet cable—wasn’t practical. Having a wireless network requires some due diligence to protect your home network.
- All home wireless routers are shipped with a default administrative username/password combination, typically “admin” and a password. Although manufacturers have improved security by providing unique default username/password combinations, you should change them as soon as the Internet service provider (ISP) completes the setup. The administrative account allows you to make any configuration changes to your wireless router. You can usually find the place to change the default username and password in the advance settings of your wireless router.
- To restrict access to your wireless router, make sure to disable remote access. Although this may make it easy to troubleshoot home network issues while you’re traveling, it’s an attack vector for those who might have malicious intent.
Now that we’ve secured access to your wireless router itself, we’ll explore changes to protect your wireless network.
- When wireless routers are configured, they broadcast, or make visible for discovery, your network name, or service set identifier (SSID). This is used to connect devices to your network. You should change this network to something only you will know and can remember. For example, you could use “myinternetconnection.”
- Once you’ve changed the name of the SSID, you should turn off broadcasting your network name. If you don’t change the SSID but disable broadcasting it, I can promise you you’ll never remember the default SSID that was configured on your wireless router.
- After changing the SSID, change the password for connecting devices. Create a strong password that can’t be guessed easily (e.g., your address or street). Remember, an attacker would need to be in range of your wireless network. Consider using an entire sentence with punctuation (e.g., The quick brown fox jumped over the lazy dog’s tail 47 times!).
- When you have guests, you should create a guest network with a completely different password to allow your guests to take advantage of your high-speed Internet while visiting without compromising your home network. You’ll know the name and password to connect your devices, but someone nearby won’t be able to discover your network.
Once we have “hardened” access to the wireless router and network, there are a few more steps that can be taken to add protection to your home network.
- All home wireless routers should include a security system. Make sure it’s enabled, which is typically done by default. The security system prevents external (e.g., Internet) traffic from getting to your internal network. Only advanced users would need to consider opening holes, referred to as ports, on their home network.
- By enabling a strong password for your wireless network, you would have, by default, enabled encryption, which is typically WPA-2 for most home wireless networks. Encryption prevents attackers from being able to potentially “listen” to your home network traffic.
- There may be times when you’ll need to troubleshoot issues on your home network. Consider enabling logging, which will tell you where to look for issues when they occur. There are plenty of resources on the Internet that can help you decipher the technical information contained within the router logs.
- Finally, you should configure your wireless router to automatically update, which can be set to update while you sleep to avoid disruptions on your home network. You certainly wouldn’t want your wireless router to update while streaming your favorite show or sporting event. Keeping your wireless router up to date with the most recent software version will correct vulnerabilities, preventing possible unauthorized access to your home network.
Although you have the responsibility of preventing unauthorized access to your home network, your employer isn’t completely off the hook. Although you’ve taken steps to protect the network, your employer should provide you with computer equipment that protects your work information. Employers should provide remote access to the corporate network through a virtual private network (VPN), for example. The VPN is encrypted and will prevent attackers from listening to, or sniffing, the network for potential sensitive information.
Employers should also consider restricting local administrative access to the computers they provide to prevent unauthorized software from being installed. Additionally, they should encrypt the computer system they provide and keep it current with security patches on the applications and operating system. Finally, they should install behavior-based anti-malware, protecting against malicious programs.
We’ve covered a few tips that make your home network more secure and prevent your home network from being used for malicious purposes by unauthorized users, as well as protect your employer’s work. This isn’t meant to be an exhaustive list, but it’s a list of simple steps a user of any skill level can implement. There are more advanced options for adding security, but they should only be done if you have advanced knowledge of the possible configurations. If implementing more advanced security features, I highly recommend you back up your configuration before making changes. If all else fails, most wireless routers come with a “restore defaults” setting or something similar. Now you’re ready to become your home network cybersecurity administrator!
Larry Schwarberg has over 25 years in cybersecurity. He’s the Vice President of Information Security at the University of Phoenix and holds a Master of Science degree in management—information security from Colorado Technical University. He has also held positions of increasing responsibility in the finance, managed hosting, consulting, healthcare, pharmaceutical, and higher education industries, as well as served on vendor security advisory councils. He has broad knowledge and experience and specializes in identity and access management, security governance, and building cybersecurity programs. Schwarberg has also participated in speaking engagements and contributed to cybersecurity publications and articles.