Securing devices at home and work is a new challenge for families and for companies. The mass shift to working from home started at the very beginning of the pandemic and is going to be the new normal for the near future. We have blurred the lines between work and home, and the same applies to our computers and devices and those in the home using them.
So, what is the problem?
For one our corporate systems usually have a much greater level of security applied to them. This is usually done through software and procedures. How many of us use a VPN for our corporate devices, but not for our home ones? How many of us have enterprise-level security on our home Wi-Fi networks? This opens endless possibilities for cybercriminals, keen to compromise the safety of our data.
Secondly as majority of corporate employees are continuing to work from home, with less than enterprise level security, this has introduced what was once a relative minor issue in technology; exposure from the employees’ family. Now the employees’ home devices as well as the individuals using them is a security priority as much as a direct breach to the corporate organization. Harder to protect and just as catastrophic. Just look at the recent events our own Michael R Sheehan described in his LinkedIn article Lack of Education is the Power of Theft, it shows the ease cybercriminals can access end users and their personal equipment.
It is now more crucial than ever to know how to separate work communication and devices from personal. Also how to keep them independently secure.
BOGO for the bad guys
Cybercriminals are more active than ever before, as this new corporate world presents a terrific opportunity to get access to a company (or several) by leveraging a home system on the same physical insecure home network. Now that is really the prize, access to a corporate infrastructure. All the data on people, places and things for the taking and selling.
Also due to the habits of people, the breach now has the possibility of gathering all the personal data of the first victim. Then a truly disheartening scenario is possible, the breach at the corporate enterprise continues to infect other home networks and gains access to new unrelated businesses.
This event is not farfetched nor a story for a thriller movie. If a breach happened in your corporate infrastructure and you have been using your company’s laptop to check your personal email or to access your bank account, now cybercriminals could have possible access to your personal information. What if your personal smartphone is compromised? If you have been using it for work-related activities, now criminals can get the same corporate info you have access to. It is a feast for them and a danger to you and your employer!
Corporate Bring Your Own Device programs compound this problem.
But my work system is secure, right?
Another common and false sense of security is that devices provided by employers are secure. No one would try to break into a laptop from your IT department, right? Wrong, almost any system can be breached, it is a matter of how much time and effort criminals want to put into it. While your work devices are usually going to be more secure than your personal ones, they are not invulnerable. Cybercriminals just work harder to compromise corporate accounts, but the rewards are worth it. Then there is the difficult discussion about the dubious actions of internal employees with a grudge. Theft from an internal employee who had all the keys to bypass the corporate security.
7 Tips on how to secure your devices at home and work
To help you improve the security of your home and corporate devices, we prepared a checklist of things you should remember:
- Do your best to separate your corporate devices from your personal ones. This can simply mean having two different computers. It can also mean increasing your home’s network security by having multiple vLAN to break out corporate, personal and IoT devices.
- Always use your corporate-supplied VPN. Regardless if you are on a guest, public or even your home Wi-Fi. Never connect you work or personal systems to a public Wi-Fi network without a VPN.
- Set up strong, long, and unique passwords for all devices you use and never share them with anyone. Use a Password Manager to control and secure them. Once you have a password manager, you should stop reusing the same password in multiple locations. Having unique passwords for all your accounts will compartmentalize or silo that one account should it ever be compromised.
- Configure Two Factor Authentication (2FA) and Multi Factor Authentication (MFA) wherever possible. This applies to both corporate and personal accounts. You should be leveraging phone calls and authenticator applications as well. SMS text messaging is no longer considered a secure method of communication.
- Keep all your devices updated to the latest version available and run security scans on a regular basis.
- Always confirm emails and texted links from family and friends. Remember they could have been breached and that link you just got could be part of the plan to extend the impact of victims. A few extra minutes verifying will save you financially and psychologically in the long run.
- Never leave your unlocked devices unattended. When working and stepping away from the device, always lock it. When you finish working, always log out and place your work laptop in a secure place. Infected, broken and improper use of corporate devices is on the rise with more parents working from home. Kids are typically curious not malicious, protect them as well as yourself.
These tips are an excellent starting point to securing both your home and corporate digital world.