Currently, employees are more digitally connected to their workplace than ever. The hybrid workplace is here to stay, and for employees, this means relying on connected devices from their home office setups. According to recent data, smart home systems are set to rise to a market value of $157 billion by 2023, and the number of installed connected devices in the home is expected to rise by a staggering 70% by 2025.
You are only as strong as your weakest link, especially when it comes to cybersecurity. Any precautions that the office takes to prevent attacks, should also be taken at your home with your connected devices where applicable. What good is having a secure office if you're working from home in a vulnerable environment?
Here are some effective tips for securing your home network and devices for your hybrid workplace.
Ensuring your network in which your traffic is flowing through is secure is crucial for preventing attacks.
Here are the guidelines for ensuring your network is secure:
- Use strong credentials. Ensure that your home Wi-Fi is protected by a strong password.
- Turn off network name broadcasting. When using a wireless router at home, it is highly recommended that you disable network name broadcasting to the general public.
- Enabling network encryption. Almost all wireless routers come with an encryption feature, and it is usually turned off by default. Turning on your wireless router’s encryption setting can help secure your network. The most recent and effective encryption is WPA2.
- Use a firewall. Wireless routers generally contain built-in firewalls but are sometimes shipped with the firewall turned off. Be sure to check that the wireless router’s firewall is turned on, or install one.
- Use a VPN. Virtual private networks add a further layer of protection to internet use from home to ensure encryption end to end. Always use a VPN to connect to your organization's internal network. This prevents man-in-the-middle attacks from remote locations.
Remember that since people are now working from home, traffic is potentially flowing over public networks without any authentication for going on that network. The best solution is to utilize the already secure company network rather than using a network that does not uphold company security practices and policies.
Cybersecurity is just as important in the physical realm as it is in the networking realm. In fact, an entire “layer” of security is dedicated to just physical security practices! It is referred to as the Physical Layer in the OSI security framework.
Well, what is meant by the physical layer? It means thingslike:
- Limiting access to a server room
- Biological authentication for entrance to a company building
- Eavesdropping prevention for authentication data
- Internal threat preventions (i.e. employees, ransomware that’s breached the company wall) performing unauthorized actions
While security controls at other layers may fail without catastrophic results, the loss of physical security usually results in total exposure. This layer seems straightforward, however if it's not taken seriously, the entirety of a company can be compromised, therefore this must be addressed. You should try to practice the following:
- Limit access to your work laptop and keep strong passwords on all your company devices.
- Restrict access to your office space. In terms of the physical layer, compromising an employee’s devices from their home is less complicated than trying to do so within a company building. It is an isolated location and the obstacle for obtaining an employee’s authentication information is smaller. You need authentication to get to your work desk in your office, so try to put this same idea in place at home.
- Evaluate the placement of your router. Even if you are on a company VPN when working, keep your router in a discrete location but also where signal won’t suffer due to range.
Practicing endpoint security is important for preventing attacks that occur on devices from OS vulnerability exploits, or other attacks originating from something specific to the device it is occurring on.
Here are some tips for endpoint security on your company devices:
- Antivirus protection. Employees should be provided with a license to antivirus and malware software for use on their computers. Although this does not provide failsafe protection, it eliminates potential for many endpoint attacks.
- Scrap Unnecessary Data: Scrapping or deleting unnecessary data and uninstalling unused applications from your devices will free up excessive memory and prevent security risks. Unused applications installed on endpoint devices may collect information without the user’s consent and display excessive advertisements, interrupting the smooth functioning of the device. This can happen without your knowledge!
- DevicePatch Management: Businesses need to set up routine patches to address issues concerning operating systems and out-of-date certifications and licenses. Having a structured and proactive patch management program lessens system outages.
Cyber-Active is the New Proactive
We are entering a new era where cyberattacks are occurring more frequently and our business models are changing. It is critical to have your security practices also adapt to these changes, as well as to the new threats introduced every day. Addressing cybersecurity on a layer-by-layer basis is effective for a divide-and-conquer method to protect yourself and your digital work assets.
Communicate with your employer about their security practices that are in place. Are yours up to the standards of the practices held in the office? Close that gap, and take these precautions to be cyber-active.