blog

Working from Home? 5 Steps to Secure Your Home Network

Written by Cyber Security Associates | Oct 30, 2024 12:00:00 PM

Introduction

With a large amount of confidential and/or proprietary information residing on and flowing through a corporation’s network, organisations put a lot of effort into ensuring that information stays confidential and remains accessible. For example, they may utilise some form of Network Access Control which only allows authorised devices to connect to the network, perform vulnerability scanning in-house, or have an external cyber security company such as SureCloud perform security testing on the corporation’s assets. Efforts will have been taken to ensure all networks and devices are secure and information can only be accessed by those who are authorised to access it. All of which are very sensible and recommended best practices.

With working from home becoming the ‘new normal’, that same corporation now has a distributed network that goes all the way to their employees’ home network. A network that the corporation has little control over and for all intents and purposes may be completely insecure.

While corporations, obviously, cannot take control of these home networks (short of supplying employees with corporate hotspots anyway). What they can do is give advice to their staff about the best steps to take to secure their home network.

It is true that some work from home users may have very secure home networks, the owner having invested their own time and money in order to provide themselves that assurance. However, home networks like this are likely to be in the minority, and this advice won’t be directed at them. It’s aimed at the majority, who most likely have a major-brand ISP supplied wireless router with the default settings.

Top five tips for securing your home network

1. Ensure that your wireless network is using the most secure encryption type supported by your router. This encryption makes your communications with the router unreadable by other persons ‘sniffing’ the packets from the air. Some of the encryption types available have been around since the early days of wireless networks and are now easily broken. Routers may call the encryption they support by different names; the following table aims to illustrate safe and weak home wireless encryption protocols:

If there are no good encryption protocols to choose from, then be mindful that even weak encryption is better than no encryption. Though, that said, if this is the case then it is probably time to update your wireless router.

2. Ensure that the password to your wireless network (sometimes called a Pre-Shared Key or PSK) is secure. If an attacker is able to guess or brute-force the password to your wireless network, which involves trying many thousands of guesses in an automated attempt to find the correct password, then they are able to join it. Once joined to your network, the attacker would be able to search it for vulnerable devices as well as view the traffic from other devices on the network (excluding wireless network using WPA3).

When choosing a password, it is good practice to not use dictionary-based works, or mutations of dictionary words (e.g. SureCloud > 5ur3Cl0ud). To use as many special characters (i.e. not numerical or alpha) as possible and to make the length of the password at least 12 characters long.

Another element of keeping the password secure is knowing who has access to it, and therefore your network. If you don’t know who exactly is connecting to your network, its probably time to change the password to something new.

3. Change the routers default Administrator password. The Administrator password allows a user of the network to access the setting of the router and change them. This tip only applies if the password is already something easily guessable, such as the name of the ISP, the name of the manufacturer of the device, ‘default’ or ‘admin’. Some modern routers use more complex default passwords, which are not necessary to be changed as they are not easily guessable.

4. Make sure your routers firmware is up to date. Many ISP routers now do this automatically, by downloading the firmware, installing it and rebooting the router in the dead of night. But not all routers will do this. You should be able to access the upgrade options by logging into the router with the Administrators password and looking for the upgrade, update or firmware option. Consult your routers manufacturer or distributor for instructions on how to best do this.

5. Try to make other devices on your network as secure as your router. This means installing updates on your computers as they come in, changing default passwords on any smart devices which may be connected, ensuring that anti-virus software is running on all computers and try to be somewhat sensible about what is downloaded and installed.

The American FBI have recommended that Internet of Things (IoT) devices such as security cameras and smart devices are not kept on the same network as the more sensitive devices such as personal and work computers1. While this is indeed sensible advice, it’s not really feasible to expect the average home worker with standard consumer networking equipment who is not a network security expert to be able to do that.

Ultimately, for corporations, it comes down to what lies in their sphere of influence. They have limited influence over a user’s home network, but are able to offer advice – which may or may not be taken by the employee. But what they can influence, and what they should therefore concentrate on is their own equipment and procedures. To this end, it may be best just to assume that an employee’s home network is fully untrusted and full of malicious actors, while ensuring that the corporate equipment is able to operate securely in such an environment.