Network Security Best Practices For Remote Employees
The year 2022 saw a number of high-profile data breaches that were carried out using social engineering including phishing, vishing, and smishing. In one of the cases, it turns out that the breaches could have been avoided if the employee had updated a third-party software they were using on their home computer.
As working from home becomes more prevalent, organizations will need to ensure that in addition to their corporate networks, the home networks of their employees are also protected. Cybercriminals are increasingly targeting organizations via their remote employees and this makes it extremely important to train remote workers and assist them in securing their home networks.
To this end, I am sharing network security best practices that employees should follow so that they can continue working from home securely.
Here are 12 best practices for securing your home network for telecommuting or working from home:
In the following sections, I will discuss each in detail.
When thinking about IT security, antivirus, malware, hacking, phishing, etc. come to mind right away. Physical security is probably the last thing that you would consider. But physical security plays a very important role in IT security and is critical in mitigating a number of security risks.
Direct physical access to your computers or network infrastructure allows criminals the opportunity to steal or damage the device, steal data, and upload malware. Imagine someone walking up to your computer and plugging in a thumb drive. That’s all that is needed to infect your entire network. All of the firewalls, security systems, and applications will be able to do little to nothing in such a scenario.
Therefore, physical security controls are necessary to protect your computer, network, and data from physical attacks carried out by breaking in, sneaking, or using social engineering. When working from home, the following physical security measures will help mitigate physical security risks:
Keep your work desk in a separate room that is not accessible to visitors.
Disable access to removable storage devices such as flash drives, USB hard drives, SD cards, etc.
Use a physical lock to secure your CPU
Ensure that your network devices, i.e. router, switch as well as network-attached storage (NAS) devices are not physically accessible to visitors.
No modern network is complete without wireless communication. While Wi-Fi is easy to set up, flexible, and costs less than wired networks, it comes with severe security risks. Wireless signals can be intercepted and this makes WiFi networks susceptible to interception or interference.
To keep wireless communications secure, you need to use a security protocol that can protect your wireless traffic. Wi-Fi Protected Access (WPA) is such a security protocol and WPA3 is its latest version, which succeeded WPA2. WPA protects wireless networks using several security features including encryption, authentication of wireless clients, and protection against unauthorized access.
Older network devices used a now obsolete protocol, Wired Equivalent Privacy (WEP) protocol, which had several serious security vulnerabilities. Therefore, to secure your wireless network, you must ensure that all of the devices on your network support WPA3 or at the very least WPA2. And if you need to purchase a new device, ensure it is WPA3-Personal certified.
Another potential security vulnerability on your network comes from Universal Plug and Play (UPnP), which is a set of networking protocols that allows networked devices, such as computers, wireless access points, and mobile devices to discover each other's presence on the network, and establish network services. Disabling UPnP helps plug some of the holes that may enable attackers to compromise your network.
Although it may not be evident, home networks are always at risk from vulnerable endpoints, to be specific, personal devices of family members and visitors, and internet of things (IoT) devices. Any device that connects to your Wi-Fi can gain access to virtually your entire network, including your work device.
Your home network is only as secure as the most vulnerable device on the network. So despite all security measures, your network may be compromised due to a vulnerable smart camera or an un-updated laptop of a visitor. So you need to have security measures in place that, in the event of a network breach, can prevent it from spreading to other network devices.
This can be done by segmenting your network into logical or functional units so that, in case of a network breach, the damage is limited to the infected segment. For example, you should have separate segments for work, visitors, and IoT devices.
Network segmentation can be done by creating a separate service set identifier (SSID) and Virtual Local Area Network (VLAN). This means that the devices will be on the same network hardware but on a separate virtual network. You can also apply separate encryption, authentication, and firewall rules to each SSID, allowing you to tighten or loosen security rules as needed without compromising your entire network.
Administrator accounts can access and overwrite configurations on your system. Because of this elevated privilege, compromised administrator accounts are a huge threat since they can access all data, install malware, and effectively compromise all devices on your network.
To prevent the risk of compromising your administrator account, use a non-privileged user account for everyday work and use the administrator account only for specific tasks such as maintenance, installation, and updates. Also, log out of the administrator account as soon as the administrative tasks are completed.
Additionally, it is also advisable to disable remote administration so that network configuration changes can be made only from within the internal network. This can prevent hackers from changing the network configurations of your network from outside.
A firewall is one of the most basic network security tools. It is a security filter between the Internet and your home network that monitors and controls the incoming and outgoing network traffic based on defined security rules. Routers usually come with firewall capabilities but it is always best to ensure that your router supports basic firewall capabilities for both IPv4 and IPv6.
Additionally, you should also verify that your routing device includes network address translation (NAT) as it prevents your internal network from being scanned through the network boundary.
Endpoints refer to the devices such as desktops, laptops, and smartphones connected to your network. Cyber attackers usually target these endpoints or devices to gain access to the network. For example, if a connected endpoint device is compromised by an attacker, they can use that device to gain access to the network and carry out further attacks.
Therefore, protecting the endpoints is critical for securing your network. Endpoint security combined with other network security measures can provide a comprehensive approach to network security.
Here are the endpoint security measures that you can use to secure your devices and your network:
1. Antivirus
A good antivirus software automatically scans files, emails, and web pages and blocks malicious content. This enables you to focus on tasks without having to unnecessarily worry about viruses.
2. Anti-malware
Most antivirus programs are specifically designed to target computer viruses and cannot completely protect you from malware. It is very common for businesses and their employees to be targeted by cybercriminals using malware. Therefore, it is worth investing in an anti-malware software, which is more adept at spyware, adware, and other similar malware.
3. Anti-phishing
Phishing emails are the most common cyberattacks that businesses face. In fact, there is a separate type of phishing called Business Email Compromise (BEC) that specifically targets businesses.
While most phishing attacks are relatively simple and easy to spot for the trained eye, targeted phishing, especially BEC attacks are becoming more and more difficult to identify. Therefore, it is worth investing in anti-phishing software and training such as those offered by KnowBe4.
4. Privacy Browser Extensions
The World Wide Web is full of malicious content and criminals who are constantly trying to exploit the digital vulnerabilities of individuals and businesses. So, when you are browsing the web for work or at leisure, you have to constantly fend off pesky pop-ups, intrusive scripts, trackers, and ads.
While most of these are merely annoying, many websites or applications may be collecting your personal data for social engineering, spear phishing, or selling on the dark web.
Thankfully you can use simple browser extensions to protect your online security and privacy. Here are 4 extensions that I recommend:
A password manager is a security software that alleviates many of the oppositions associated with implementing a strong password policy. Password managers allow users to store encrypted copies of all of their username-password combinations, which can be easily retrieved using a master password. They also help users come up with unique and complex passwords that meet the organization’s password policies.
Thus password managers help do away with the risks associated with simple passwords as well as the challenges associated with implementing strong password policies. And all this is achieved without frustrating the end users and with fewer instances of password change requests for the IT helpdesk.
The whole world became aware of the threat of eavesdropping in 2016 when Mark Zuckerberg posted a photo of himself celebrating reaching 500 million monthly users and keen observers noticed that on his laptop both the camera and mic jack were taped over.
Six years later, many of us have voice assistants/smart speakers and smart cameras monitoring our every word and every action 24x7. Imagine if a hacker were to gain access to any of these devices, they could listen in on your meetings, calls, and conversations, or capture videos of your screen or of the keyboard while you type your password. Although this is an extreme scenario, it is very much possible.
Therefore, to protect yourself from eavesdropping, limit sensitive conversations near voice assistants/smart speakers or any devices with listening capabilities. Also, mute your mic and cover your camera when not using them. Finally, if you have smart cameras at home, ensure that your desktop or laptop screen and keyboard are not directly in its line of sight.
While most of your focus is on preventive measures, you should not neglect remedial measures. There is no foolproof cybersecurity system that can protect you 100% against cyberattacks. Most of us will likely face either a security breach or a device failure. How do you get back up and running after that?
If you answered, “using backups”, you’re 100% correct. Backups are useful not only in case of device failures but also in case of malware infection, ransomware, etc. In fact, wiping your device clean and restoring from a secure backup is the only “guaranteed” protection against ransomware.
Here are our recommended backup best practices:
Perform regular backups, ideally daily.
Don't keep your local backup media connected at all times.
Backup a copy of your critical data to the cloud
Occasionally test your backups and recovery.
It is very important to occasionally test that the backups are working properly and that the recovery process works without any problems. You do not want to find issues with either the backup or recovery process after your device crashes or is infected with ransomware.
Regularly reboot computers and mobile devices to apply patches and security updates. As an added bonus this will also free up your computer’s resources, making your device run faster and smoother.
While network security is important for protecting your internal network and connected devices, it is not sufficient for protecting remote connections to your corporate network. Without proper security measures, your remote connections are vulnerable to interception and eavesdropping. To protect the connection and transmitted data, a security measure is necessary whenever an employee connects to a company’s internal network via the Internet.
Virtual Private Network (VPN) enables you to remotely connect to your corporate network via a secure tunnel and securely access work information. It uses advanced encryption and authentication protocols to ensure that your company’s network infrastructure is safe from unauthorized access and snooping.
To learn more about VPNs and how to select the right one for your business, check out our blog: What Is A VPN And How To Choose The Best One For Your Business.
Whether you are working from the office or home, social media invariably finds its way onto your devices, sometimes as part of work and at other times for leisure. But your use of social media is rife with risks. Cybercriminals use a number of different methods to target users on social media platforms.
Even apparently innocuous activities such as posting vacation photos or travel plans, or posting about a new job can give cybercriminals incentive to target you with social engineering, phishing, catfishing, and other commonly used tactics. Therefore, it is essential to follow social media best practices that help you to mitigate the risks associated with social media usage.
I have discussed the risks of social media use and best practices for businesses in detail in an earlier blog. You can access it here: Social Media Security Risks To Businesses And Best Practices.
Conclusion
A work-from-home policy brings a lot of security challenges for an organization. Securing the home networks of its employees is demanding because they are not in its control. Additionally, the sheer number and variety of devices on the home networks mean a much greater attack surface that cybercriminals can target.
However, the security of home networks is not entirely a losing cause. With the right tools and training, organizations can help their employees secure their home networks, thus ensuring the flexibility and mobility of remote workers do not bring any unnecessary risks to the business.
Does your company have remote workers who telecommute? Do you have security measures in place to protect your internal network and data from potential risks associated with remote work? Reach out to us by clicking the button below and learn how we can help secure your network infrastructure and facilitate secure remote access.
If you liked the blog, please share it with your friends