Many of our clients now support the BYOD and Remote Worker Model. Some of them might be thinking about ways they can secure their mobile workforce, but still enjoy the financial benefits of offsetting expenses and the overhead that comes with tracking depreciation and other administration overhead.
While we hunt for appropriate software controls for our clients, whether domain or SaaS services like Office365 with AzureAD, there’s a number of easy ways to secure the most insecure and hostile environment Security Professionals encounter – the home network. Completely out of your control.
They Like It!
A cozy nook in the attic, a basement Les-Nesman carved out of the corner, or a dining room table commandeering, employees love working where they want. Enter WIFI. It’s likely that 75% or more employees use WIFI as their main method of connecting their laptops to the home network.
The home network is a buzzing world of phones, tablets, PCs ,set-top boxes, and all manner of Internet-of-Things (doorbells/cameras/thermostat/fridge/OOM home phone gateways). It’s congested enough with bombardment, and it’s only made worse by using the airwaves.
They Want to Secure It!
Repeatedly characterised as in no way friendly, the employee insider threat usually overrides the capability to solicit them as partners in defending against the threat landscape.
Building Awareness and Training campaigns is simple, and it can be as simple as suggestion memo, to best-practices, to corporate policy.
WIFI networks are easily interrupted and insecure with any level of password or key protection. You’re broadcasting your business data with a radio antenna.
It’s a fact. WIFI is a radio broadcasting license!
Even as a stop-gap measure while avenues of securing the mobile worker’s access to your company data, the following common sense list and avenues for follow up consideration. Distribute them to empower those who are lay-persons or who understand a very small amount of technical items and desire to have their home-network better protected.
NUMBER ONE RECOMMENDATION
I recommend hardwire over airwaves, when possible. A cable is much more secure than a radio transmitter. You’ll also enjoy faster speeds with no interruption and cut connections when someone uses the old microwave next door.
VPN
VPN over the airwaves. Always. Every device. Some home routers even let you VPN into them while you’re local. ExpressVPN is one name.
WIFI Password(s!)
Change the WIFI password occasionally, both for the radio key and also for the WIFI router administration page (https://192.168.0.1 usually). Make it an annual event!
Buy a New Wireless Router
Turning off your provider’s Wireless Router radio and plugging your own purchased Wireless Router behind it is an excellent way to keep the ISP’s business out of your local network. By replacing WIFI access points every 3-5 years, you’ll have more frequent security updates. Generally, ISPs do not deliver non-critical urgent security updates with the frequency of , say, ASUS AC1900 routers. So you get access to the latest security standards, but you’ll notice an improvement in home speeds and a better antenna.
Power Off / Power On
Occasionally re-power your WIFI router. Take that cable modem or DSL modem and yank it’s power for 5 minutes. Some ISPs will rotate your public IP address (obscurity through rotation).
Other Clever WIFI Things to Consider for HQ
These, in combination with strong authentication systems, are generally the next-step. Usually, these technologies are reserved for organisations with 100 or more connected devices, but some of our more discerning and cautious clients have them in place for their C-suite executives at their residences.
1) Mesh networks and beam-forming
2) Rogue access point detection and alerting
Contact RiPPUL for WIFI security sweeps.
3) Access points with external antennas and power-adjusting capability, selected appropriately to provide coverage but not bleed signals unnecessarily down the block.
RiPPUL CyberSecurity BLOG 