First Step to Improve Work From Home Security

As I said earlier this week, Work From Home or WFH is the new normal and the hackers know it. WFH may make your employees happier and more productive, but it also makes hackers happier and more EFFECTIVE.

Why? Because all that effort you have taken to improve the security of your corporate networks doesn’t exist on those home networks.

Let’s start with the gateway device. Typically, the ISP provides a router or a modem. Sometimes the employee buys one.

Note that they do not call it a firewall – because most of the time it is not.

Also note that it likely has not been updated since it left the factory and your employees have (a) no idea, (b) no access or (c) not enough technical skills to update it. Pick any three of the above.

Also likely, but not always, it is the best device your employee’s ISP could buy at the time for $12.95.

That modem or router gives your ISP full access into your employee’s home network. They will say that they don’t look and as a matter of course that is probably true, but that doesn’t necessarily mean that a particular technician might not think that making the security camera that you put in your teenage daughter’s bedroom (hint: really bad idea) exposed to the Internet can earn him some cash. In case you think this can’t happen, it can and has. First thing to do is to remove those cameras in sensitive areas.

That modem or router has a password. For the ISP to get into it. For many models it is hardcoded and not changeable, not visible via the modem’s user interface and not disableable. What do you think about that? Likely that password is the same for all 2 million copies of that modem. If you think that is not true, all you have to do is ask Cisco or Fortigate. You pay a lot more for their gear and it has hardcoded passwords. They seem to fess up to a new one every month or two.

Now lets get back to patching. Two examples today.

Netgear has admitted that 79 models of their routers are vulnerable to a serious security flaw (their words; see article here).

For many of those models Netgear has not even created a patch yet. For others there never will be because those models are no longer supported.

How many of those modems do you think will ever be patched? Close to zero.

Second bug.

Researchers found 6 bugs in a D-Link consumer router. It is a critical, command injection bug.

Guess what. IT WILL NEVER BE FIXED BECAUSE, D-LINK SAYS, THE ROUTER IS OBSOLETE.

How many of your employees even know what brand of modem or router they are using?

Which, unfortunately, leaves the problem of protecting your computers, your networks and your data in YOUR hands.

Sorry.