(“In Case You Missed It Monday” is my chance to showcase something that I wrote and published in another venue, but is still relevant. This week’s post originally appeared on My Tech Decisions)
Your office is closed and your entire staff is working remotely due to COVID-19. Every morning, your employees access their home networks to log into their work applications to carry out their duties.
Since every employee is connecting via their home networks, you don’t have to worry so much about your organization’s cybersecurity defenses, right?
Actually, you’d be dead wrong, says Leon Adato, a head geek at IT software company SolarWinds.
Why are home networks less secure?
Home networks are inherently less secure due to the simple design and plug-and-play nature of home network devices like modems and routers.
At home, users typically rely on security by obscurity, Adato says.
“There’s literally nothing of value anybody would want,” Adato said, mimicking a hypothetical ignorant home network owner.
However, those same users have overlooked the most valuable thing in the house, which is them. At home, you freely send identifiable information over the network, like your credit card information, health information and other personal data.
“They’re a rich, valuable resource for people to take advantage of,” Adato says.
Now, cybercriminals are taking advantage of the coronavirus pandemic and sending malware via email masquerading as important COVID-19 updates and information, opening the door for hackers to steal not only your personal information, but information about your company.
Bring-your-own device (BYOD) was hard enough for IT departments to manage.
“Now it’s BYOD times a thousand – or by the number of employees you have,” Adato says.
Update software and change passwords
Just as the world is taking precautions to avoid the spread of COVID-19, it should be every remote worker’s responsibility to secure their home.
“The good news is we don’t have to worry about everyone out there,” Adato says. “We just have to deal with our own home networks.”
The first thing users should do is make sure every piece of software they own is up to date.
“Update everything, and that includes your antivirus software. What, you don’t have it? You’ll be buying it.”
While you’re shopping for antivirus software, users should also purchase a password manager. There are many providers, and some are even free.
These will help you keep track of all the passwords you use, as they should largely be different for every application or service.
“If you do those three simple things, that’s baseline,” he said.
Log into your network infrastructure
The admin username and password for the internet router you bought at a big box store is the same for every one of that particular model ever sold, Adato says.
“Change your damn password,” he says “Doing that one thing will make you 50-to-60% safer than you were a minute ago.”
Once you’re in there, users can access a variety of security options, like turning off traffic to certain services like gaming or cloud sharing, but end users should tread carefully if they’re not well versed in IT.
“If you change something, make note of it,” Adato says.
You can also access your wireless internet router to set up more security options, like WPA2 and PSK. While you’re there, turn off remote configuration.
Consider a DNS service
Domain Name System servers can provide a type of herd immunity for end users, Adato says.
“If one person is attacked and hacked, the DNS provider recognizes this and shuts down it down for everyone using the service,” says Adato.
These simple steps — which Adato said aren’t particularly technical or difficult — are all made for the home user.
“If you do that, you will not have built (a complicated) home network, but you will have made a much more secure environment,” says Adato.