Update 01 November 2020
The Threat Intelligence Report 2020 (released last week—a brief summary can be found here) reported that IoT infections on wireless networks (including home networks) is up 100% over last year. Shockingly, these devices that blend into your daily life are not just leaky boats, they are targets for ransomware. Unless you run two networks in your home, these put the network you share with your work devices and the data stored on them vulnerable to hacking—and ransomware.And, as if that’s not enough of a reason to examine your smart home devices, the voice-activated devices (Alexa, Siri, etc.) eavesdrop and record all day, turning on inadvertently up to 19 times each day, probably including times you are meeting with clients and discussing information covered by a confidentiality agreement. Talk about adding insult to injury!
In December 2019, the FBI reported that the surge in IoT devices has given bad actors “a virtual drive-by of your digital life.” That is, the small “smart” devices people let into their lives, like fitness trackers, thermostats, televisions, and refrigerators, are vulnerable to bad actors and open all devices in the home to hacking. If you work from home, you need to protect your home office from your smart home.
In most homes, all devices use the same wi-fi router to access the internet, leaving every device in the home as vulnerable as the least secure device in the home. Those files you secured on your laptop? Not secure, because your smart doorbell (or fridge, or tv, etc.) has lousy firmware that allowed a hacker to access your home network.
[Lest anyone fret that any work outside the office is necessarily less secure than on-site work, check out this report on how on-site security is suffering from employees’ use of personal devices on office networks.]
If you work from a home office, protect your work and your devices from the personal IoT sharing your network. While the best solution is to run your business and IoT devices on separate networks, that’s not practical for most folks. Here are some practical precautions you can take:
- Secure your router. According to Avast, “59.7% of routers have weak credentials or some vulnerabilities” and “59.1% of users worldwide have never logged into their router or have never updated its firmware.” In my experience, many people have not changed the factory preset credentials, leaving their network extremely vulnerable. [Read: Tips & Tricks #1: Secure Your Wi-fi Router and Tips & Tricks #2: Update Your Wi-fi Router]
- Limit IoT devices’ access. If you manage your smart devices with apps, do not accept the default permissions these apps will request without careful review. Does the app for your fitness tracker need to access your phone’s mic and camera? Probably not. [Read: Here’s What That App Knows About You]
- Protect your devices with secure credentials. Don’t accept preset passwords and use a strong unique password for each device.
- Update your devices. Updates often contain security patches for the firmware installed on your device. If there is an auto-update function, use it. [Read: Enable automatic updates]
Working from home can be just as secure (or even more secure) than working on-site, but it requires taking control of the tools you employ to run your business and your home.