This blog focuses on some key areas that you may not have considered in the shift to home-working and provides some advice around what businesses and employees can do to remain safe in these unprecedented times.  

Home Connectivity     

Home networks are typically less secure than workplace networks.  The home router is the primary area for concern.  Older routers are highly likely to have vulnerabilities in their firmware that hackers can exploit. Once a hacker gets in, they can access all sorts of contact information, passwords, and bank details. Having access at the router level can allow hackers to cause problems and capture information. A hacker’s first objective could be to install something like Meterpreter – this allows a hacker to capture screens, keystrokes, upload and download files etc.  

VPN’s can help but even if your company has one and you use it all the time to work, you are still vulnerable to this type of attack. With Office 365 and other cloud-based tools employees can often access everything they need without needing to connect to the corporate VPN and this is something that employers need to be aware of.   

The Internet of Things    

Internet of Things (IoT) products for many organisations (certainly many sectors) are still in their infancy, but when we move into the home it’s a different story all together. From smart printers to Alexa or Google Home, there can be a wide range of devices connected to our home routers – especially for those isolating with a family or roommates. It’s much easier for a hacker to use a default login or crack your child’s password than it is your corporate one.  

These devices provide hackers with an entry point you may not have thought about. Consider devices that constantly look (cameras – baby monitors/doorbells) while others listen (those with microphones).  As well as providing additional information by using these devices to spy on you, they also provide a hacker with an easier route onto your network.  Once in, lateral movement from one device to another is possible.  

Applications     

With the need for people to remain at home comes the need for additional applications to replace face-to-face activities. Take video conferencing, for example. Many people are downloading free personal video conference applications to jump on calls with friends and family. By adopting these non-corporate applications, you could be letting more than just your friends and family in and be putting your corporate device at risk. Zoom ‘bombing’ or ‘raiding’ is one such example, whereby hackers are infiltrating Zoom meetings to harass attendees. Hackers are also using video conferencing platforms to steal Windows credentials.  

It’s not just non-technical users that can be at risk, developers standing up services online for testing can also become easy targets when working from home.      

As more of us are now working from home the target pool is larger and therefore more interesting to hackers. In these uncertain times, the last thing any of us need is an additional negative event in our lives.   

Here are 6 things you can do to make things a little harder for hackers: 
 

1. Check that your router firmware is updated.  Hackers may try to compromise your security via the router, and you can make this more difficult by changing your router settings. 
2. Ensure you don’t have default or weak passwords on your router. Whilst many businesses can mitigate the security risk presented by weak passwords in-house, this is more difficult to manage when you move to the home. If you need to find out more about how to change your WIFI password, check out the resources your broadband provider have, like this from Virgin Media, for example.
3. Don’t take risks at home that you wouldn’t take at work: don’t open strange emails, e.g. unsolicited ‘free’ offers and strange demands or rebates from HMRC. Be wary of calls from people claiming to work in your IT department too. Just like your bank, your internal IT team shouldn’t need to know your password.  
4. Don’t let your children or other family members  use your work device.  Sounds obvious but as a parent myself, I know that  when young children are  playing up logical thinking can take a back seat.   
5. Update your device passwords to more complex formats, particularly for devices used by children as they may have a very simple password or no password at all.   
6. With Video conferencing don’t use unsecured  applications. Many companies are offering to  open  corporate video conferencing software  up for personal use. I would urge companies to do this and for employees to resist the temptation to take the easy route when an invitation from a friend arrives.  Instead, take control and send an invite from your corporate platform.   

These are some basic measures that you can adopt to help protect your home network, and don’t just apply to ‘new’ home workers. How many seasoned homeworkers have checked and updated the firmware on their router, or changed the default router password?  Your employer also has a responsibility and there are several solutions worth considering when it comes to protecting all mobile employees at the corporate level.   

Find out more about the Cyber Crime challenges many organisations are facing in our previous blog.