Since the global pandemic gained a foothold, many of us now work remotely. Your home Wi-Fi network that you previously used primarily for streaming games and movies has now been thrust into the front and center of your home operations. Your Wi-Fi is your connection to the outside world; and your "home team" also is likely using it to connect to their workplace and school.
In addition to ensuring enough bandwidth, it is now imperative that you consider security. You have become the CISO of your own domain!
Do you know how to protect your home network?
What does that mean for you? Should you purchase advanced security software for network monitoring? Do you have to attend ethical hacking classes to learn where your vulnerabilities are?
I recommend that we first stick with the basics. There are several things that you can do at little or no cost to help protect your home network.
Your first move as CISO is to set the tone at the top. Discuss the importance of cybersecurity with your remote workers as well as their responsibilities. What are some of the dreadful things that can happen if basic security protocols are not followed? Training and awareness are critical.
Start with the basics, and set “policies” to help clarify and outline expectations and responsibilities:
- Acceptable use policy. Define things like the appropriate use of email and social media; keeping up-to-date antivirus software; what software is acceptable (with emphasis on not downloading unknown software); a "just say no" policy to any unknown requests to access computers or devices; and what needs to be done in the event of compromised computer or device.
- Password policy. Understand the need for complex passwords; changing passwords on regular intervals; clear guidelines about using different passwords.
- Communication policy. Understanding how to spot phishing emails and other scams, and to avoid clicking on unknown links. Verify the source of an attachment before downloading onto a computer or device.
- Patch management policy. Operating systems, antimalware programs, web browsers and other applications regularly update themselves, but not all programs do. For those programs that don't automatically update, set a regular schedule to review and apply patches.
- Internet use monitoring and filtering (parental controls) policy. Communicate the appropriate sites that should not be visited; also apply hardware and software parental controls where necessary.
- Business continuity plan and disaster recovery policy. What is the plan if the Wi-Fi isn't available? How will work or school continue? Is the contact list for computers, devices and routers up to date?
Simple and advanced settings to adjust
Now that you have laid out the policies and ground rules, you need to put on your security engineer's hat and begin to secure your home network.
- Change the name of your default home network and change the name of your Wi-Fi's network or service set identifier (SSID). Changing the default name makes it harder to discover the type of router and service you are using.
- Follow your password policy and change the default password to a unique strong password.
- Ensure that you are connecting using strong encryption using the WPA2 advanced encryption standard.
- Disable guest access.
- Disable remote login.
- Enable your router's firewall.
For more advanced technicians, consider these security measures:
- Change your Wi-Fi's default IP address. It can make it more difficult for hackers to guess.
- Turn off Dynamic Host Configuration Protocol (DHCP). Consider using Media Access Control (MAC) filtering and only allow approved devices on the network.
- Disable remote access on your router.
- Keep your router's software up to date by patching and updating firmware.
- Review the devices connected to your router, including your TVs and other IoT devices; make sure that everything on the list is an authorized computer or device.
- Network segmentation can be used to isolate risky devices like IoT.
- Turn off any features or services that could pose a security risk, such as Telnet, Universal Plug and Play (UPnP), Secure Shell (SSH) and Home Network Administration Protocol (HNAP).
To help illustrate the importance of becoming the CISO of your own domain; a COVID-19 study recently completed by ISACA shows that only 51% of the respondents were highly confident in their security team's ability to detect and respond to cyberthreats during this pandemic. Meanwhile, 87% of respondents reported that, with the rapid shift to work from home, there has been an increased risk in data privacy and protection issues and 92% say threat actors will increase cyberattacks on individuals.
This means that the home team is increasingly vulnerable to all types of security threats. Therefore, it is essential to set the tone for cybersecurity at home. Help everyone understand the need to stay safe online. Finally, take a moment to inventory your home network to ensure that the best practices have been applied.
About the author
Pamela Nigro, CISA, CRISC, CGEIT, CRMA, is an ISACA board director and a senior executive experienced in governance, risk, compliance and cybersecurity focusing on the healthcare and insurance industries. She is a recognized subject matter expert in HIPAA, HITRUST, SOC 1, SOC 2, Sarbanes-Oxley (NAIC-MAR) and IT/cybersecurity controls and risk assessments. Nigro is also an adjunct professor at Lewis University, where she teaches graduate-level courses on information security, ethics, risk, IT governance and compliance and management of information systems in the MSIS and MBA programs.