{"id":868,"date":"2021-09-01T10:57:00","date_gmt":"2021-09-01T10:57:00","guid":{"rendered":"https:\/\/dev.cryptoloc.au\/?p=868"},"modified":"2023-10-03T06:19:15","modified_gmt":"2023-10-03T06:19:15","slug":"blurred-lines-how-your-employees-home-wifi-connection-could-be-putting-your-data-at-risk","status":"publish","type":"post","link":"https:\/\/127.0.0.1\/blurred-lines-how-your-employees-home-wifi-connection-could-be-putting-your-data-at-risk\/","title":{"rendered":"Blurred lines: How your employees\u2019 home WiFi connection could be putting your data at risk"},"content":{"rendered":"\n

With society on a rollercoaster ride of lockdowns and social restrictions, working from home has become commonplace. But while most people have adapted to this new normal, corporate cybersecurity seems to be stuck in the pre-pandemic past \u2013 and cybercriminals are taking advantage.<\/p>\n\n\n\n

With just over 40% of employees working remotely<\/a> at least one day per week at the start of 2021, home networks are increasingly being used for professional purposes. It\u2019s a societal shift that has significantly widened the attack surface for cybercriminals, and increased the risk of sensitive data falling into the wrong hands, as home WiFi networks tend to be a much easier target for hackers than the typical business network. <\/p>\n\n\n\n

That\u2019s because home networks are less likely to be secured behind firewalls than office networks, and are often reliant on consumer-grade modems and routers that come with obvious security vulnerabilities. Worse yet, these routers are likely to be shared with private devices and consoles. <\/p>\n\n\n\n

Cryptoloc founder Jamie Wilson says that in the unavoidable rush to embrace working from home, businesses have been forced to live with these weaknesses, contributing to a recent spate of ransomware attacks<\/a>. <\/p>\n\n\n\n

\u201cThe boom in remote working caused by COVID-19 has dramatically increased IT vulnerability, especially for businesses that haven\u2019t tracked which of their devices are being used by their employees on home networks,\u201d Jamie says. <\/p>\n\n\n\n

\u201cIn reality, they have lost control of the security of their WiFi connections. With employees operating across different networks in multiple locations, using the same devices for work and personal purposes without the benefit of their organisation\u2019s security perimeter, the attack opportunities for cybercriminals grows exponentially.\u201d<\/p>\n\n\n\n

Fortunately, there are a number of things your employees can do to make their home internet connection more secure.<\/p>\n\n\n\n

How to harden a home WiFi connection <\/h2>\n\n\n\n

Change router passwords <\/h3>\n\n\n\n

A router creates a network for devices, and has its own password. If a cybercriminal is able to gain access to a WFH employee\u2019s router, it\u2019s only a matter of time until they can gain access to your business\u2019 data. <\/p>\n\n\n\n

Many routers ship with a default username and password, and because these passwords are often publicly available online, a cybercriminal can gain access to a router by simply working their way through a list of makes and models. It\u2019s imperative, then, that employees change the password to something that will be difficult to guess. <\/p>\n\n\n\n

Router settings can usually be accessed by typing \u2018192.168.0.1\u2019 or \u2018192.168.1.1\u2019 into a browser. As well as changing the password, the SSID \u2013 the name of the wireless network \u2013 can also be changed, to make it more difficult for cybercriminals to identify. This probably goes without saying, but names, home addresses, and anything that could be used to identify your employee or your business should be avoided when resetting the SSID. <\/p>\n\n\n\n

Update firmware <\/h3>\n\n\n\n

While most people know to regularly update devices like laptops and phones to get the latest security patches, routers are often overlooked. But exactly the same principle applies, and new firmware for routers needs to be updated regularly to address and close off security vulnerabilities before cybercriminals can exploit them. <\/p>\n\n\n\n

To make sure they\u2019ve got the latest firmware installed, employees can log in to their router settings and check for updates. Some routers even have a button that can be pressed to automatically check if a more recent update is available. <\/p>\n\n\n\n

Disable remote management <\/h3>\n\n\n\n

The remote management feature on a modem or router is intended to make it easier to access its settings from a remote location. Since most employees will never need to use this feature, and leaving it on makes it easier for cybercriminals to gain access to your network, it\u2019s a good idea to disable this function and prevent outsiders from being able to tamper with it. <\/p>\n\n\n\n

Enable \u2018guest\u2019 networks <\/h3>\n\n\n\n

If visitors need access to your employees\u2019 home network, they should enable the \u2018guest\u2019 WiFi feature. This way, they won\u2019t need to share their real WiFi password, and the guest user won\u2019t be able to access the rest of their network or change their WiFi settings. <\/p>\n\n\n\n

Similarly, if your employees\u2019 WiFi access point enables them to create multiple networks, then they should be encouraged to put their private devices on a separate network to the one they use for work \u2013 so that even if one of those personal devices is hacked, the work device will remain secure. <\/p>\n\n\n\n

Employees can also limit their network access to specific MAC (Media Access Control) addresses. To identify a MAC address, just open a Command Prompt and enter \u2018ipconfig\/all\u2019. The addresses of the desired devices can then be added to the router settings, and only those verified devices will be able to connect to the WiFi. <\/p>\n\n\n\n

Utilise firewalls and VPNs <\/h3>\n\n\n\n

Most companies have firewalls in place to protect their office network, but the same can\u2019t be said for home networks. If it\u2019s practical \u2013 and particularly if a WFH employee is going to have access to a significant amount of sensitive data \u2013 you could consider installing firewalls to protect your employees\u2019 home WiFi systems. <\/p>\n\n\n\n

Similarly, if you have a secure corporate VPN (Virtual Private Network) that you use to connect devices to your network and authenticate information before it\u2019s allowed through your firewall, make sure you specify that employees use this VPN on any devices that they use for work. <\/p>\n\n\n\n

Encrypt, encrypt, encrypt <\/h3>\n\n\n\n

Most routers will come with an encryption protocol that employees can enable. If the router was made after 2006, it\u2019ll likely be WPA2, which is still the strongest encryption protocol a router can provide. (If your employees are using routers from before 2006, they should probably strongly consider replacing them, anyway.) <\/p>\n\n\n\n

Encryption is important because it protects your data when the other protections you have in place fail, so that even if an attacker gets into your network, the data they find there will be of no value to them without an encryption key. <\/p>\n\n\n\n

Unfortunately, the built-in WPA2 protocol is relatively easy for a skilled hacker to exploit \u2013 so to ensure your data is truly secure, you should use Cryptoloc\u2019s ISO-certified encryption technology<\/a>.<\/p>\n\n\n\n

Cryptoloc\u2019s patented technology combines three different encryption algorithms into one unique multilayer process, ensuring that businesses and their customers can interact securely, with each piece of data assigned its own separate audit trail, and every user and action verified and accounted for. <\/p>\n\n\n\n

Cryptoloc\u2019s technology also encrypts data while it\u2019s in transit between networks, so your business can continue to flow smoothly and safely, no matter how many of your employees are working remotely on home WiFi systems.<\/p>\n\n\n\n

Beware of public networks <\/h3>\n\n\n\n

Working from home is one thing. But if your employees are using the free WiFi at a coffee shop, library or any other public place, that adds a whole extra layer of risk. <\/p>\n\n\n\n

These networks often require no password, and if your employee sets their device to remember the network, it will then automatically join any other network with the same name that isn\u2019t password-protected. A hacker can easily set up a rogue network with an identical name, and use it to access your employees\u2019 device. <\/p>\n\n\n\n

Of course, even that level of subterfuge may not be required \u2013 a cybercriminal could simply set up a free WiFi network with any legitimate-sounding name and use it to steal valuable information. <\/p>\n\n\n\n

Make sure your employees know not to let their devices automatically connect to free hotspots, or to remember networks their devices have joined. You should also make sure they have file sharing turned off, so their files can\u2019t be accessed by other people on the same network. <\/p>\n\n\n\n

As a general rule, it\u2019s best to avoid using public WiFi for work purposes altogether \u2013 no matter how tempting it is to take advantage of a freebie. <\/p>\n\n\n\n

Ultimately, securing your network while employees are working remotely will require a level of trust in your people to do the right thing.<\/p>\n\n\n\n

\u201cOrganisations need to ensure that all of their employees are aware of the importance of timely patching, and regularly briefed on the latest techniques being utilised by cybercriminals,\u201d Jamie Wilson says. <\/p>\n\n\n\n

\u201cIt\u2019s every organisation\u2019s responsibility to engage their employees with that training \u2013 because while it may seem time-consuming, it\u2019s vastly preferable to the alternative.\u201d  <\/p>\n","protected":false},"excerpt":{"rendered":"

With society on a rollercoaster ride of lockdowns and social restrictions, working from home has become commonplace. But while most people have adapted to this new normal, corporate cybersecurity seems to be stuck in the pre-pandemic past \u2013 and cybercriminals are taking advantage. With just over 40% of employees working remotely at least one day per week […]<\/p>\n","protected":false},"author":3,"featured_media":1110,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/868"}],"collection":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=868"}],"version-history":[{"count":1,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/868\/revisions"}],"predecessor-version":[{"id":869,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/868\/revisions\/869"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/media\/1110"}],"wp:attachment":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=868"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=868"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}