This blog focuses on some key areas that you may not have considered in the shift to home-working and provides some advice around what businesses and employees can do to remain safe in these unprecedented times.
Home networks are typically less secure than workplace networks. The home router is the primary area for concern. Older routers are highly likely to have vulnerabilities in their firmware that hackers can exploit. Once a hacker gets in, they can access all sorts of contact information, passwords, and bank details. Having access at the router level can allow hackers to cause problems and capture information. A hacker’s first objective could be to install something like Meterpreter – this allows a hacker to capture screens, keystrokes, upload and download files etc.
VPN’s can help but even if your company has one and you use it all the time to work, you are still vulnerable to this type of attack. With Office 365 and other cloud-based tools employees can often access everything they need without needing to connect to the corporate VPN and this is something that employers need to be aware of.
The Internet of Things
Internet of Things (IoT) products for many organisations (certainly many sectors) are still in their infancy, but when we move into the home it’s a different story all together. From smart printers to Alexa or Google Home, there can be a wide range of devices connected to our home routers – especially for those isolating with a family or roommates. It’s much easier for a hacker to use a default login or crack your child’s password than it is your corporate one.
These devices provide hackers with an entry point you may not have thought about. Consider devices that constantly look (cameras – baby monitors/doorbells) while others listen (those with microphones). As well as providing additional information by using these devices to spy on you, they also provide a hacker with an easier route onto your network. Once in, lateral movement from one device to another is possible.
With the need for people to remain at home comes the need for additional applications to replace face-to-face activities. Take video conferencing, for example. Many people are downloading free personal video conference applications to jump on calls with friends and family. By adopting these non-corporate applications, you could be letting more than just your friends and family in and be putting your corporate device at risk. Zoom ‘bombing’ or ‘raiding’ is one such example, whereby hackers are infiltrating Zoom meetings to harass attendees. Hackers are also using video conferencing platforms to steal Windows credentials.
It’s not just non-technical users that can be at risk, developers standing up services online for testing can also become easy targets when working from home.
As more of us are now working from home the target pool is larger and therefore more interesting to hackers. In these uncertain times, the last thing any of us need is an additional negative event in our lives.
Here are 6 things you can do to make things a little harder for hackers:
These are some basic measures that you can adopt to help protect your home network, and don’t just apply to ‘new’ home workers. How many seasoned homeworkers have checked and updated the firmware on their router, or changed the default router password? Your employer also has a responsibility and there are several solutions worth considering when it comes to protecting all mobile employees at the corporate level.
Find out more about the Cyber Crime challenges many organisations are facing in our previous blog.