Editor’s note: Commercial Integrator has teamed up with the IMCCA, the New York-based non-profit industry association for unified communication and workplace collaboration, to produce a quarterly supplement, titled Collaboration Today and Tomorrow, that focuses on all things collaboration from multiple perspectives.
Providing internet connectivity in a corporate office environment entails several layers of advanced technology, and a team of qualified experts must manage and monitor what should and should not be happening. In many cases, this even involves external experts and services from specialized partners. Amid explosive growth during the past decade in costly cyber-incidents, we’ve even seen this at the level of small and medium-sized enterprises. That is a positive development.
Your private internet connection is exposed to the same risks as enterprise internet connections — although we are not always aware of them — and those risks get significantly larger when a home office comes into play. Enterprise-grade security solutions and private internet connections are not an equal match. And yet, there is an imperative to “play along” when home office or work from anywhere becomes the standard. This is the new reality, commonly known as hybrid work.
All that multi-layered, advanced technology that secures internet connectivity at the enterprise level is wrapped up into a simple and mostly small box for the home — namely, your internet router. What about that team of experts that manages the security solutions, monitors the traffic and, when needed, takes corrective actions? Well, that’s now you! Welcome to your new job as chief security officer for your home office and your personal internet connection!
You’re Now Chief Security Officer
Your internet router is at the heart of providing the Internet and Wi-Fi through which most devices connect to the world. All modern internet routers have a web interface, and, if you haven’t yet seen the web interface of your internet router, you have some important homework to do. In many cases, you will find a label at the bottom with details, including how you can get into your router from a connected device.
If you cannot find that information, go to your preferred search engine, type the brand and type of device, and then type “connect to web interface.” You will most likely find the instructions to connect to your internet router, and, surely, there will also be a link to a user manual. I recommend you save that for later so you can look for what you need as we start securing things.
You are now connected to your internet router. You logged in with the default credentials or the credentials you found on the label, right? Let’s start with a very important step: Change those credentials to something that only you know. And please do not put a Post-it note on the router with the new credentials. Instead, use a password manager to make sure your credentials are stored safely. If you are unfamiliar with how to change the credentials, just search in your preferred search engine for brand and type, followed by change password.
The next essential thing to secure your internet router is to make sure that the latest firmware is installed and the patches are up to date. This will often be an option in the system settings, and most devices now offer the option to check the current version with the supplier. When a newer version is found, it is very important that you install it immediately. The process will vary by brand, but, in most cases, it means that the latest version is downloaded to your router. Once done, you should give the OK to install it. This will almost always mean that the device will restart after the installation. It’s important that you don’t turn off the device during the update process; if you do, you could end up with a useless device.
Get Your Walking Shoes
With your administrator account protected and all updates installed, your first level of defense is now in place. Now, we get to the walking around part! You likely have many devices connected to your internet router — mostly of them through Wi-Fi. All these devices form a potential risk for your home-office setup; with that, they also pose a risk to the teamwork between your home office and the enterprise network. Hackers might not have tremendous interest in that so-called smart device on your network — but it might be a conduit to attack something else. For example, hackers could target your company notebook or the connection with your company network.
Integrators have the potential of becoming ‘trusted partners’ for home cybersecurity issues and in other areas.
Exploiting unpatched vulnerabilities is the easiest path for hackers and cybercriminals. To avoid that, you will need to put in the work at regular intervals. Each device that connects to your network and internet service must be checked for updates and patches, as well as for risky default login credentials. Your internet router could easily become your best friend in this exercise; it can offer you an overview of all the devices that have connected with the router in the past. You can use that as a checklist to make sure no device ever escapes your attention.
You will need to check updates and credentials device by device. You might discover that some older devices no longer receive updates from the suppliers. You might want to consider replacing those devices. A relatively good alternative is to place them in a separate segment of your home network and configure that network segment not to allow communication with other devices and segments.
Segmenting Your Network
Segmenting your network is a good example of what’s already common practice for enterprise networks, and it’s definitely not a bad idea for home networks, either. Most modern internet routers support it, but users might be scared away by the perceived complexity of doing so. I use the word “perceived” because, in reality, it’s not as complicated as it might sound. It’s beyond the scope of this article to describe all steps for all routers on the market, but very good step-by-step guides are available. They’ll help you make the necessary changes to your internet router.
One thing to consider is to make a few of these segments, each of which is properly separated from the others. One might be the above-mentioned segment for older devices, where you want to contain the risks posed by devices that no longer receive updates. There could be another segment where you place all other personal devices. Finally, there could be a segment in which you place all devices related to your home office. That can be more than just a notebook, of course, and it’s fully dependent on your situation. For example, when you have a network printer that you want to use for private and work documents, you can place that in a segment without internet connection with which other segments can communicate.
Considering Alternative Solutions
For the reasons described, it’s always a good idea to make sure your devices have the latest patches and updates. It’s not just related to securing your home office, either. And, as noted, it’s possible to take additional steps, such as segmenting to separate traffic between personal and professional devices. However, I must admit that this is not everybody’s cup of tea, and it will most likely involve some trial and error until it all works perfectly.
Thus, a growing number of enterprises have chosen a different path to secure their employees’ hybrid-work environments. We see, for example, some opting to provide their employees with a remotely managed router, which they can connect to their private internet router. All work-related devices will only connect to that company router, and that router will use the available internet connection to create secured and encrypted connections with the company network.
Although this takes away a lot of pain points and risks, as well as the burden of depending on everyone to secure their own devices and routers themselves, it is not a workable solution for frequent travelers or for work-from-anywhere setups. In these cases, solutions like forced VPN and its smarter successors, as well as encryption and hardening of all devices, come into play.
Ultimately, Security is Up to You
Although many people are rejoicing at the explosion of hybrid working and working from home, it’s obvious that securing home environments takes a level of effort that the typical user might not be aware of. Therein lies an opportunity for integrators. They might be called upon to help design or set up these home environments, and integrators have the potential of becoming “trusted partners” for home cybersecurity issues and in other areas. Providing education, and in some cases services, to these remote employees could prove the differentiator in a tight marketplace.
Whether it’s done with external integrator support, via enterprise resources or just by end users’ own savvy, securing the new home office will clearly be a critical task.
Dr. Johannes Drooghaag is chief information security officer and data protection officer with Wedo.
