Simply put, work-from-home has become the new normal in the post COVID world. With cases that are going over roofs, working from offices like old days are going to be like some distant dream for the longest time. A paramount shift in the overall work culture has its own set of challenges. This article addresses the most common cybersecurity vulnerability in transiting to Work-from-Home.
There is a recent surge in the request, even from large organisations to build a robust Work-from-Home IT policy that can take care of the protection of sensitive data on an employee device, while he/she is working from home. But what worries me, is that most SME and Startup organisations have weak or almost no policy to counter the security issue arising from Work-from-Home. The most susceptible security part of Work-from-Home culture is the home WiFi router, securing which is the fundamental step in this direction. Everyone is fairly aware that the use of public Wi-Fi to conduct any sort of confidential business dealing, is not a good idea. You never know who may be "listening in" to an unsecured network, but is that not true for Home networks? Are enough measures taken to protect a home WiFi network?
If your Wi-Fi network isn't secured properly that includes a public IP address, no unique Wi-Fi password, you could be letting anyone with a wireless-enabled device gain access. You might not be worried about someone using your wireless connection, but the real risk is exposing sensitive information you send and receive like your emails, banking information, and maybe even your smart home's daily schedule to the cybercriminals. It also controls access to all of your phones, tablets, laptops, and more. If someone else gains access to that network whether a remote hacker or your next-door neighbour, it can be quick work to compromise those devices. That's because Wi-Fi signals are often broadcast beyond the walls of buildings and homes and out into the streets - an enticing invitation for hackers. No wonder that wardriving or drive-by hacking is a favourite pastime amongst cybercriminals. We have laid down a few steps, which you or your regular computer maintenance engineer will able to configure, ensuring a cyber-safe environment:
So the starting step would be to set up a strong, unique password that cannot be easily guessed (Please note that every WiFi router has 2 passwords, one being the WPA access and the second being router Admin Console password). Next step would be to make sure network encryption is activated. Step 3, would be to hide your WiFi broadcast name. The next step is to disable remote access or make sure your Wi-Fi does not broadcast your network name. And, most importantly, make sure the router's software is up to date.
Step 1 – Setting Up A Password
Most users are not aware that there are 2 passwords that need to be taken care, one being the WPA or the password that you are prompted while connecting with the router and the other which is the most important, the password for your router's Admin Console.
All manufacturers set a default batch of passwords for the Admin Console which are available easily on many online websites, hence it is very important that this password is changed. As with any password, make it very hard to guess but impossible to forget. One should use at-least WPA2 security settings on the router, this is enabled by default on just about every router, but if it's not active on your device, switch it on through your router settings.
Note: Please visit your router manufacturer website to learn how to change the Admin Console password or remind your computer maintenance engineer while setting up the router. Ensure that this is a password created by you and is not known to the computer maintenance engineer.
Step 2 – Activate Network Encryption
Some Wi-Fi access points or routers still offer the older WEP (Wired Equivalent Privacy) standard of protection, You need not go into details here, all you should know is that but it is fundamentally broken. That means that hackers can break into a WEP-protected network using a hacking suite like Aircrack-ng in a matter of minutes. So to keep out intruders, it's essential to use some variant of WPA (Wi-Fi Protected Access) protection, either WPA or the newer WPA2 standard (or WPA3 when it lands).
Some Wi-Fi routers offer a feature called Wireless Protect Setup (WPS) which provide an easy way to connect devices to a WPA protected wireless network. However, this can be exploited by hackers to retrieve your WPA password and while the ease of connecting with a PIN works well for convenience, it is also more vulnerable to the brute force of the hacker than an alphanumeric password. so it is important to disable WPS in the router's settings.
Step 3 – Hide Your SSID Or Network Name
Your router should have the option to hide the SSID of your main network—basically the name of the network that appears when your devices scan for Wi-Fi. If visitors can't see this network then they can't connect to it, but you'll be able to add devices to it because you'll know what it's called. (And if you're not sure, it'll be listed in your router settings.)
If your router has the option of broadcasting a so-called guest network, take advantage of it. As the name suggests, it means you can grant your guests access to a Wi-Fi connection, without letting them get at the rest of your network.
It's not like your friends and family are hackers in disguise, it puts another speed bump in the way of someone who is secretly trying to get access to your network without your permission—even if they're able to get on the guest network, they won't be able to take control of your other devices or your router.
Please refer to the link below to learn more on hiding your SSID or Network Name (We recommend you to visit your router manufacturer website for the most accurate information) and setting up Guest Network on your router:
Step 4 - Disable Remote Access, UPnP And WPS
A lot of routers come with features designed to make remote access from outside your home easier, but unless you need admin-level access to your router from somewhere else, you can usually safely turn these features off from the router settings panel. Besides, most remote access apps work fine without them.
Another feature to look out for is Universal Plug and Play. Designed to make it easier for devices like games consoles and smart TVs to access the web without making you wade through a lot of configuration screens, UPnP can also be used by malware programs to get high-level access to your router's security settings.
Step 5 - Keep The Firmware Up to Date
Your router runs low-level software called firmware which essentially controls everything the router does. It sets the security standards for your network, defines the rules about which devices can connect, and so on.
Some more modern routers update themselves in the background, but whatever model you have, it's always worth making sure the firmware is up to date. This means you've got the latest bug fixes and security patches, and are protected against whatever exploits have just been discovered.
The process varies from router to router, but as with the password settings, the option to update your router's firmware shouldn't be too difficult to find within the router control panel. If you get stuck, check the router documentation or the official support site on the web.
Some Hygiene That One Should Take Care:
1. Avoid using routers supplied by ISPs. These routers are typically less secure than those sold by manufacturers to consumers. They often have hard-coded remote support credentials that users can't change and patches for their customized firmware versions lag behind patches for the same flaws released by router manufacturers.
2. Turn on HTTPS access to the router interface, if available, and always log out when done. Use the browser in incognito or private mode when working with the router so that no session cookies are left behind and never allow the browser to save the router's username and password.
3. Anti-virus protection programs can help fend off hackers and keep your hardware safe. Between taking the proper measures for network security and ensuring that your anti-virus programs are up to snuff, you can deliver a big one-two punch to keep your data safe.