4/28/2021
01:00 PM
Bert Kashyap
Bert Kashyap
Commentary

How to Secure Employees' Home Wi-Fi Networks

Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities.



While we are close to seeing the light at the end of the COVID-19 tunnel, there is no sign that the work-from-home trend it created will be coming to an end soon.

Even prior to the pandemic, the number of employees who work remotely has been rising continuously. In fact, 36.2 million Americans (22% of the workforce) will be working remotely by 2025. While allowing staff to work remotely gives greater flexibility to corporations, it also comes with cybersecurity risks. It is becoming increasingly paramount for companies to ensure their employees' home Wi-Fi networks are secure.

Related Content:

How Can I Help Remote Workers Secure Their Home Routers?

Special Report: How Data Breaches Affect the Enterprise

New From The Edge: How to Create an Incident Response Plan From the Ground Up

Home Offices Are Easy Targets for Cybercriminals
Today's hybrid work-from-home scenario demands that chief information security officers (CISOs) look at home Wi-Fi access and IT infrastructure as part of the entire enterprise security ecosystem. This is to ensure that the networks employees use are secure whether they are in or out of the office. Otherwise, they could be at a real risk of being vulnerable to hackers.

Home ownership is public information. A hacker can park near an employee's home, steal their Wi-Fi credentials, and reroute the home network so that all traffic is sent to the hacker. The hacker can then infect the employee with ransomware, spy on corporate activity, or conduct other potentially devastating, malicious attacks.

According to an IBM study, human error is the cause of 95% of cybersecurity breaches. This staggering statistic indicates that people simply don't know what to look for to protect their information. Few employees are well versed in regularly updating their router software to stay up to date on vulnerabilities, leaving countless attack vectors open at home.

Security Risks for Using Unsecured Wi-Fi at Home
A major security risk associated with remote work is wardriving: stealing Wi-Fi credentials from unsecured networks while driving past people's homes and offices. Once the hacker steals the Wi-Fi password, they move on to spoofing the network's Address Resolution Protocol (ARP). Next, the network's traffic is sent to the hacker, and that person is fully equipped to access corporate data and wreak havoc.

A typical home-office router is set up with WPA2-PSK (Wi-Fi Protected Access 2 Pre-Shared Key), a type of network protected with a single password shared between all users and devices. Unfortunately, WPA2-PSK is by far the most common authentication mechanism used in homes, which puts employees at risk for over-the-air credential theft.

WPA2-PSK does have a saving grace, which is that the passwords must be decrypted once stolen. Password encryption can prevent hackers from stealing passwords once they have them, but only if they are unique, complex, and of adequate length. Avast conducted a study of 2,000 households that found 79% of homes employed weak Wi-Fi passwords. In addition, a 2018 study found 82% of respondents have never changed their default Wi-Fi password. Weak and common passwords can be decrypted in seconds with a Rainbow Table, giving hackers unmitigated access to your network.

Two Ways to Secure Employees' Home Wi-Fi

1. Educate Employees About Cybersecurity at Home
It's vital to train staff members how to spot and handle phishing attacks and other forms of social engineering. Educate employees on common tactics such as phony emails and spoofed websites and to always double-check before entering credentials anywhere. While educating employees is an essential first step, the fact of the matter is that all it takes is one mistake by a single employee to put an entire organization at risk for an attack.

2. Secure Home Wi-Fi With Enterprise-Grade Networks
A WPA2-Enterprise network is the most frequent type used by organizations due to its increased security and customization capabilities. WPA2-Enterprise networks use a RADIUS server with Extensible Authentication Protocol (EAP) that ensures information sent to the RADIUS is protected. If employees are working remotely and accessing sensitive resources, you want to guarantee they have the best possible protection. WPA2-Enterprise is not only the best method for securing home Wi-Fi networks; it's become far more accessible in recent years.

Enterprise-grade infrastructure, previously unobtainable for smaller organizations, has gotten significantly less expensive in the past decade. In turn, this allows small to midsize businesses to adopt top-notch security at incredibly cost-effective rates. Plus, many of these new WPA2-Enterprise capable Wi-Fi products can be managed entirely from the cloud, making it remarkably efficient to deploy and manage WPA2-Enterprise network security for your employees at home.

Prioritize Wi-Fi Security for Remote Work
As the world continues to adjust to whatever the new normal might be, it's important for organizations to continue prioritizing security companywide, whether employees are back in the office or still at home. Working from home appears to be here to stay, with nearly 90% of those who have been able to work at home not wanting to go back to the office full time. It's imperative to take the necessary steps toward securing home and office networks and make sure employees work from home safely without putting their organizations at risk of an attack.

Bert Kashyap is the co-founder of SecureW2. With over 20 years of experience in networking and cybersecurity, Bert has used his diverse security background to quickly grow SecureW2 into an industry leader for certificate-based security, and a trusted partner of many of the ... View Full Bio
 

Recommended Reading:

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2021 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service