The rise of personal gadgets, the shift towards remote work, the BYOD trend, and advances in AI have all contributed to home networks becoming an extension of companies' cyber defense perimeters.
However, many end-users do not recognize their home networks as extensions of their company's security boundaries. They often feel that using a company-provided laptop linked to the corporate security system is sufficient. As a result, they might not take enough measures to secure their other home devices.
Until recently, targeted cyberattacks were primarily directed at specific groups, such as top executives, politicians, or celebrities. However, things have changed. Nowadays, any business activity is becoming the focus of targeted attacks. It is not hard these days to obtain an employee's personal email or phone number, determine who resides at a given address, pinpoint their work address, etc. Armed with this information, hackers often try to exploit vulnerabilities in home devices and networks to breach corporate networks.
Cyberattacks on home networks are getting more advanced. Scammers are counting on the fact that many people might not be tech-savvy enough to fend off targeted attacks. Yet, these same people often hesitate to tighten the security on their home devices, fearing a breach of their privacy.
So, how to defend against targeted cyberattacks when employees' personal devices, even those not used for work, are under threat? Below are some simple tips everyone can follow.
Enhancing your security habits
The culture of safe device use should be improved. This involves several steps, including:
- Regularly back up your data, saving it to external drives or cloud services to protect against data loss. Use the 3-2-1 backup rule.
- Avoid charging mobile devices through a computer; instead, use separate adapters.
- Try not to use free public hotspots or charge devices at public transport stops or other public places.
- Let devices go into sleep mode to allow for automatic software updates.
- Make it a habit to reboot devices often, ensuring that downloaded updates are activated. This routine reboot can also eliminate certain threats that operate solely in the device's RAM.
- Turn off the internet connection if you will not be using it for an extended period.
- Ensure every device—from computers to smartphones—runs an updated OS. Also, do not forget to regularly update key apps, including web browsers and Office Suite.
- If you use a corporate BYOD for work, it is best to avoid using it for home entertainment activities, like playing games or browsing social networks. Instead, have a separate device for personal use.
Staying safe on social networks
Prioritize safe communication habits on social media platforms. Here are some key safety guidelines to consider:
- Restrict who can view your personal information. Periodically, at least once a quarter, review the security settings of your social media accounts and the apps linked to them.
- Refrain from posting personal details like your home address, phone number, workplace, and other sensitive information. Even harmless details, such as pet names or birthplaces, can be used by hackers to reset passwords.
- Set your posts to be visible only to friends to control who sees your content. Additionally, be cautious when adding new friends; verify their authenticity through known offline connections.
- Be vigilant about duplicate accounts of people you know. Some people register several accounts, for example, to avoid losing contact with the network in case of temporary blocking. But this is also used by cybercriminals who create fake profiles.
Home network access setup and protection recommendations
Now moving to the crucial section dedicated to essential recommendations for configuring and safeguarding your home network. It is a vital step towards fortifying your professional (and personal) digital boundaries against cyber threats.
- When configuring your home network, utilize a standard/regular user account with restricted access. Use the administrator account only for maintenance, software installation, or firmware updates. Some sensitive admin-related tasks may require ensuring the network is only accessible internally.
- Opt for strong, hard-to-crack passwords. Enable additional verification methods like MFA when available. Consider using dedicated password manager apps.
- Consider segmenting your Wi-Fi networks: one for main use, one for guests, and another for IoT devices. This prevents unfamiliar devices from directly accessing your primary network.
- It is very important to make a complete list of computing devices connected to your home network. This may include computers, laptops, printers, mobile phones, tablets, CCTV cameras, household appliances, cars, baby monitors, smart home devices, video streaming tools, game consoles, etc.
- Manage devices primarily in local mode. Turn off features like Universal Plug and Play (UPnP) and remote command execution.
- Remember, even if some gadgets do not allow the possibility of compromise at the hardware level—that is, they cannot perform functions unusual for them—devices with cameras and microphones might still record sound or video. It is a good idea to turn off any audio or video recording functionalities when not in use to prevent potential eavesdropping.
- Attention should be paid to protecting routers and updating their firmware. Many older router models have been found to possess significant vulnerabilities over the years. While OS updates are now commonly practiced, router firmware updates remain an overlooked aspect.
- Implement Wi-Fi Protected Access 3 (WPA3) to enhance wireless security within your home network. Upgrade your router if it does not support WPA3.
- Fully utilize firewall capabilities. Enabling features like Network Address Translation (NAT) can help deter network scans. If your internet provider offers IPv6, be sure to implement security precautions tailored for this protocol.
- Embrace a multi-layered software protection approach, including antivirus, anti-phishing, and other anti-malware tools. Remember that some home devices, such as voice assistants and IoT gadgets, might not support robust protective software. Cloud-based solutions for endpoint protection and tools for attack detection can be invaluable here. For individuals working with sensitive data, full disk encryption is advised for personal devices like laptops, tablets, and phones.
- Corporate data should be accessed only through an organization's VPN connection. Avoid direct transfers of such data between home devices, such as moving files from a laptop to a phone.
Cultivating a robust safety culture is no longer a mere recommendation but an essential mandate for employees. As targeted cyberattacks against individual home users intensify, they pose as much a threat to businesses as direct assaults on corporate infrastructures. Users, and especially home users, are still the weakest link in company security systems.
The practical guidelines detailed in this article can significantly enhance the security posture of business users connecting to their company's network from home. While these measures will not ensure complete protection, they make attackers work harder, adding solid layers of defense against threats.