Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


// // //
01:00 PM
Bert Kashyap
Bert Kashyap

How to Secure Employees' Home Wi-Fi Networks

Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities.

While we are close to seeing the light at the end of the COVID-19 tunnel, there is no sign that the work-from-home trend it created will be coming to an end soon.

Even prior to the pandemic, the number of employees who work remotely has been rising continuously. In fact, 36.2 million Americans (22% of the workforce) will be working remotely by 2025. While allowing staff to work remotely gives greater flexibility to corporations, it also comes with cybersecurity risks. It is becoming increasingly paramount for companies to ensure their employees' home Wi-Fi networks are secure.

Related Content:

How Can I Help Remote Workers Secure Their Home Routers?

Special Report: How Data Breaches Affect the Enterprise

New From The Edge: How to Create an Incident Response Plan From the Ground Up

Home Offices Are Easy Targets for Cybercriminals
Today's hybrid work-from-home scenario demands that chief information security officers (CISOs) look at home Wi-Fi access and IT infrastructure as part of the entire enterprise security ecosystem. This is to ensure that the networks employees use are secure whether they are in or out of the office. Otherwise, they could be at a real risk of being vulnerable to hackers.

Home ownership is public information. A hacker can park near an employee's home, steal their Wi-Fi credentials, and reroute the home network so that all traffic is sent to the hacker. The hacker can then infect the employee with ransomware, spy on corporate activity, or conduct other potentially devastating, malicious attacks.

According to an IBM study, human error is the cause of 95% of cybersecurity breaches. This staggering statistic indicates that people simply don't know what to look for to protect their information. Few employees are well versed in regularly updating their router software to stay up to date on vulnerabilities, leaving countless attack vectors open at home.

Security Risks for Using Unsecured Wi-Fi at Home
A major security risk associated with remote work is wardriving: stealing Wi-Fi credentials from unsecured networks while driving past people's homes and offices. Once the hacker steals the Wi-Fi password, they move on to spoofing the network's Address Resolution Protocol (ARP). Next, the network's traffic is sent to the hacker, and that person is fully equipped to access corporate data and wreak havoc.

A typical home-office router is set up with WPA2-PSK (Wi-Fi Protected Access 2 Pre-Shared Key), a type of network protected with a single password shared between all users and devices. Unfortunately, WPA2-PSK is by far the most common authentication mechanism used in homes, which puts employees at risk for over-the-air credential theft.

WPA2-PSK does have a saving grace, which is that the passwords must be decrypted once stolen. Password encryption can prevent hackers from stealing passwords once they have them, but only if they are unique, complex, and of adequate length. Avast conducted a study of 2,000 households that found 79% of homes employed weak Wi-Fi passwords. In addition, a 2018 study found 82% of respondents have never changed their default Wi-Fi password. Weak and common passwords can be decrypted in seconds with a Rainbow Table, giving hackers unmitigated access to your network.

Two Ways to Secure Employees' Home Wi-Fi

1. Educate Employees About Cybersecurity at Home
It's vital to train staff members how to spot and handle phishing attacks and other forms of social engineering. Educate employees on common tactics such as phony emails and spoofed websites and to always double-check before entering credentials anywhere. While educating employees is an essential first step, the fact of the matter is that all it takes is one mistake by a single employee to put an entire organization at risk for an attack.

2. Secure Home Wi-Fi With Enterprise-Grade Networks
A WPA2-Enterprise network is the most frequent type used by organizations due to its increased security and customization capabilities. WPA2-Enterprise networks use a RADIUS server with Extensible Authentication Protocol (EAP) that ensures information sent to the RADIUS is protected. If employees are working remotely and accessing sensitive resources, you want to guarantee they have the best possible protection. WPA2-Enterprise is not only the best method for securing home Wi-Fi networks; it's become far more accessible in recent years.

Enterprise-grade infrastructure, previously unobtainable for smaller organizations, has gotten significantly less expensive in the past decade. In turn, this allows small to midsize businesses to adopt top-notch security at incredibly cost-effective rates. Plus, many of these new WPA2-Enterprise capable Wi-Fi products can be managed entirely from the cloud, making it remarkably efficient to deploy and manage WPA2-Enterprise network security for your employees at home.

Prioritize Wi-Fi Security for Remote Work
As the world continues to adjust to whatever the new normal might be, it's important for organizations to continue prioritizing security companywide, whether employees are back in the office or still at home. Working from home appears to be here to stay, with nearly 90% of those who have been able to work at home not wanting to go back to the office full time. It's imperative to take the necessary steps toward securing home and office networks and make sure employees work from home safely without putting their organizations at risk of an attack.

Bert Kashyap is the co-founder of SecureW2. With over 20 years of experience in networking and cybersecurity, Bert has used his diverse security background to quickly grow SecureW2 into an industry leader for certificate-based security, and a trusted partner of many of the ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/30/2021 | 8:28:51 AM
WFH and Always On VPN
Employees must have privacy in their own homes.  Business does not have a right to force employees to modify equipment at home.  However, business can and should use Always On VPN (and two factor authentication) on company assets to protect connection to corporate information.  I've also heard companies are using VDI to substantually reduce the risks, creating a virtual machine so that data never leaves the company, which reminds me of green on black  days (all things are circular). Some other proposed alternatives would cost too much money, invade privacy, and be nearly impossible to audit IMHO.
User Rank: Apprentice
4/29/2021 | 1:02:24 PM
Re: Wifi at home

Agree with you here Paul. Companies need to take ownership over their employees home Wi-Fi security. I think they can drop in the hardware, as long as it's managed from the cloud and authenticates against one of the newer Cloud RADIUS servers. 

User Rank: Strategist
4/29/2021 | 7:10:09 AM
Wifi at home
Thats all great and all, but your regular Jill/Joe user is still very technically illiterate, dont put the burden on them. Unless the company drops hardware in forget it. if you have Corp devices always on VPN or some sort of service like Palo Prism-a. BYOD should be treated like corp unless you have some sandboxing application that abstracts and virtualizes the app (citrix, etc). Yeah still cant go cheap and consummer in this day and age security vendors still have no proper solution just snake oil.
User Rank: Apprentice
4/29/2021 | 5:21:16 AM
Nice article
Securing a home network is a major concern now, as the majority is doing WFH.
Jake L
Jake L,
User Rank: Apprentice
4/28/2021 | 5:36:55 PM
Enterprise security at home
Keeping an eye on the prospect of using enterprise level security for remote employees. The big problem with using enterprise security at home today in my opinion is the lack of infrastructure available for Home Users. Hopefully Fortinet's new partnership with Linksys will improve the options available
Kainoa Lee
Kainoa Lee,
User Rank: Apprentice
4/28/2021 | 4:28:09 PM
Good Start to Eliminating Credential Theft
I think educating employees on the dangers of credential theft is a great start on how we can better protect our networks from data theft. The use of an Enterprise-Grade network for remote workers can help achieve that and further secure networks through a stronger authentication method (like EAP-TLS).
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file