4/28/2021
01:00 PM
Bert Kashyap
Commentary

How to Secure Employees' Home Wi-Fi Networks

Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities.

While we are close to seeing the light at the end of the COVID-19 tunnel, there is no sign that the work-from-home trend it created will be coming to an end soon.

Even prior to the pandemic, the number of employees working remotely had been rising continuously. In fact, 36.2 million Americans (22% of the workforce) will be working remotely by 2025. While allowing staff to work remotely gives corporations greater flexibility, it also comes with cybersecurity risks. It is becoming increasingly important for companies to ensure their employees' home Wi-Fi networks are secure.

Home Offices Are Easy Targets for Cybercriminals
Today's hybrid work-from-home scenario demands that chief information security officers (CISOs) look at home Wi-Fi access and IT infrastructure as part of the entire enterprise security ecosystem. This is to ensure that the networks employees use are secure whether they are in or out of the office. Otherwise, those networks could be at real risk from hackers.

Home ownership is public information. A hacker can park near an employee's home, steal their Wi-Fi credentials, and reroute the home network so that all traffic is sent to the hacker. The hacker can then infect the employee with ransomware, spy on corporate activity, or conduct other potentially devastating, malicious attacks.

According to an IBM study, human error is the cause of 95% of cybersecurity breaches. This staggering statistic indicates that people simply don't know what to look for to protect their information. Few employees are well versed in regularly updating their router software to stay up to date on vulnerabilities, leaving countless attack vectors open at home.

Security Risks for Using Unsecured Wi-Fi at Home
A major security risk associated with remote work is wardriving: stealing Wi-Fi credentials from unsecured networks while driving past people's homes and offices. Once the hacker steals the Wi-Fi password, they move on to Address Resolution Protocol (ARP) spoofing on the network. Next, the network's traffic is sent to the hacker, and that person is fully equipped to access corporate data and wreak havoc.

A typical home-office router is set up with WPA2-PSK (Wi-Fi Protected Access 2 Pre-Shared Key), a type of network protected with a single password shared between all users and devices. Unfortunately, WPA2-PSK is by far the most common authentication mechanism used in homes, which puts employees at risk for over-the-air credential theft.

WPA2-PSK does have a saving grace, which is that the passwords must be decrypted once stolen. Password encryption can prevent hackers from stealing passwords once they have them, but only if they are unique, complex, and of adequate length. Avast conducted a study of 2,000 households that found 79% of homes employed weak Wi-Fi passwords. In addition, a 2018 study found 82% of respondents have never changed their default Wi-Fi password. Weak and common passwords can be decrypted in seconds with a rainbow table, giving hackers unmitigated access to your network.
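
An added example, not part of the original article: a passphrase audit for the "unique, complex, and of adequate length" criteria above, together with the WPA2-PSK master key derivation as IEEE 802.11i defines it (PBKDF2-HMAC-SHA1, SSID as salt, 4,096 iterations). The 16-character threshold, the small common-passphrase list and the function names are assumptions chosen for illustration.

```python
import hashlib

# Constructed sample of weak/default passphrases; a real audit would load a
# larger published wordlist (assumption, not from the article).
COMMON_PASSPHRASES = {"password", "12345678", "admin1234", "qwertyuiop", "letmein123"}
MIN_STRONG_LENGTH = 16  # assumed policy threshold; WPA2 itself only requires 8


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA2-PSK master key (IEEE 802.11i):
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit_passphrase(passphrase: str, ssid: str) -> list:
    """Return policy findings for a home Wi-Fi passphrase (empty list = pass)."""
    findings = []
    lowered = passphrase.lower()
    if len(passphrase) < MIN_STRONG_LENGTH:
        findings.append("too short")
    if lowered in COMMON_PASSPHRASES:
        findings.append("common or default passphrase")
    if ssid and ssid.lower() in lowered:
        findings.append("contains the network name")
    # Count character classes present: lower, upper, digit, symbol.
    classes = sum(any(test(c) for c in passphrase)
                  for test in (str.islower, str.isupper, str.isdigit,
                               lambda c: not c.isalnum()))
    if classes < 3:
        findings.append("fewer than three character classes")
    return findings


if __name__ == "__main__":
    # Constructed examples: (SSID, passphrase)
    for ssid, pw in [("HomeNet", "password"), ("HomeNet", "HomeNet2021!"),
                     ("HomeNet", "vivid-Maple7-harbor-quilt")]:
        print(ssid, repr(pw), audit_passphrase(pw, ssid) or "ok")
    # Same passphrase, different SSID: the derived key differs because the
    # SSID is the salt, so a default SSID plus a weak passphrase is the
    # combination most exposed to precomputed tables.
    print(wpa2_pmk("password", "IEEE").hex())
    print(wpa2_pmk("password", "HomeNet").hex())
```
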

Two Ways to Secure Employees' Home Wi-Fi

1. Educate Employees About Cybersecurity at Home
It's vital to train staff members to spot and handle phishing attacks and other forms of social engineering. Educate employees on common tactics such as phony emails and spoofed websites, and teach them to always double-check before entering credentials anywhere. While educating employees is an essential first step, the fact of the matter is that all it takes is one mistake by a single employee to put an entire organization at risk for an attack.

2. Secure Home Wi-Fi With Enterprise-Grade Networks
A WPA2-Enterprise network is the type most frequently used by organizations due to its increased security and customization capabilities. WPA2-Enterprise networks use a RADIUS server with Extensible Authentication Protocol (EAP), which ensures information sent to the RADIUS server is protected. If employees are working remotely and accessing sensitive resources, you want to guarantee they have the best possible protection. WPA2-Enterprise is not only the best method for securing home Wi-Fi networks; it's become far more accessible in recent years.

Enterprise-grade infrastructure, previously unobtainable for smaller organizations, has gotten significantly less expensive in the past decade. In turn, this allows small to midsize businesses to adopt top-notch security at incredibly cost-effective rates. Plus, many of these new WPA2-Enterprise capable Wi-Fi products can be managed entirely from the cloud, making it remarkably efficient to deploy and manage WPA2-Enterprise network security for your employees at home.

Prioritize Wi-Fi Security for Remote Work
As the world continues to adjust to whatever the new normal might be, it's important for organizations to continue prioritizing security companywide, whether employees are back in the office or still at home. Working from home appears to be here to stay, with nearly 90% of those who have been able to work at home not wanting to go back to the office full time. It's imperative to take the necessary steps toward securing home and office networks and make sure employees work from home safely without putting their organizations at risk of an attack.

Bert Kashyap is the co-founder of SecureW2. With over 20 years of experience in networking and cybersecurity, Bert has used his diverse security background to quickly grow SecureW2 into an industry leader for certificate-based security, and a trusted partner of many of the ...
 

Comments
VictorWunschelCISSP,
User Rank: Apprentice
4/30/2021 | 8:28:51 AM
WFH and Always On VPN
Employees must have privacy in their own homes. Business does not have a right to force employees to modify equipment at home. However, business can and should use Always On VPN (and two factor authentication) on company assets to protect connection to corporate information. I've also heard companies are using VDI to substantially reduce the risks, creating a virtual machine so that data never leaves the company, which reminds me of green on black days (all things are circular). Some other proposed alternatives would cost too much money, invade privacy, and be nearly impossible to audit IMHO.
MicahSpady,
User Rank: Apprentice
4/29/2021 | 1:02:24 PM
Re: Wifi at home
Agree with you here Paul. Companies need to take ownership over their employees' home Wi-Fi security. I think they can drop in the hardware, as long as it's managed from the cloud and authenticates against one of the newer Cloud RADIUS servers.
PaulH129,
User Rank: Strategist
4/29/2021 | 7:10:09 AM
Wifi at home
That's all great and all, but your regular Jill/Joe user is still very technically illiterate, don't put the burden on them. Unless the company drops hardware in, forget it. If you have Corp devices, always on VPN or some sort of service like Palo Prism-a. BYOD should be treated like corp unless you have some sandboxing application that abstracts and virtualizes the app (Citrix, etc). Yeah, still can't go cheap and consumer in this day and age; security vendors still have no proper solution, just snake oil.
rohitmadhu,
User Rank: Apprentice
4/29/2021 | 5:21:16 AM
Nice article
Securing a home network is a major concern now, as the majority is doing WFH.
Jake L,
User Rank: Apprentice
4/28/2021 | 5:36:55 PM
Enterprise security at home
Keeping an eye on the prospect of using enterprise level security for remote employees. The big problem with using enterprise security at home today, in my opinion, is the lack of infrastructure available for Home Users. Hopefully Fortinet's new partnership with Linksys will improve the options available.
Kainoa Lee,
User Rank: Apprentice
4/28/2021 | 4:28:09 PM
Good Start to Eliminating Credential Theft
I think educating employees on the dangers of credential theft is a great start on how we can better protect our networks from data theft. The use of an Enterprise-Grade network for remote workers can help achieve that and further secure networks through a stronger authentication method (like EAP-TLS).