By Paul Williams, country manager - SADC at Fortinet
The number of connected devices in South African homes are expected to increase exponentially. Smart TVs, connected appliances, online fitness devices, entertainment and gaming systems, smart cars, connected water and power meters, climate control systems and online home security systems are all available. Many home networks also include things like wireless medical devices, and tools designed to track and monitor children or elderly family members.
All of these devices are being connected to the Internet through a home Wi-Fi system, or increasingly, a Home Area Network (HAN) combined with Network-Attached Storage (NAS) and cloud-based applications that are accessible from any device in any location. And we are now starting to see interconnectivity being developed between these devices, as well as connectivity to other systems and networks to enable information and entertainment sharing with friends and family, or data collection by device manufacturers and service or utility providers.
And as the number of remote workers able to work from home increases, your corporate offices are being regularly linked to these hyper connected and often poorly secured home networks. The implications are significant.
Some companies are stepping up and offering user awareness training programs for remote workers, especially for employees with access to sensitive data. But learning how to avoid phishing and social engineering attacks does not address the relatively new problem of hyper connected home networks.
As our work and social networks expand into the home, and the potential threat footprint in our homes continues to grow, it is critical that we take a fresh look at how we are protecting ourselves from the growing number of networks we interact with. Our personal, financial and medical information, as well as our work assets are all at risk from increasingly sophisticated malware and financially motivated cybercriminals.
For the enterprise, we recommend a three phase approach to security based around learning what is on your network, dividing the network into separated segments, and then implementing appropriate security that provides critical protections without compromising functionality and interoperability. Of course, large organisations have financial and technical resources that most homeowners cannot duplicate. But there are strategies and techniques that individuals can borrow from enterprises to secure their increasingly complex and sophisticated home networks.
1. Learn (discover)
Information is critical to a security strategy.
Know what is on your network:
With the increasing number of portable IoT and other devices being installed or used by family members and friends visiting your home, it may be difficult to know exactly what is on your home network at any given time. Even harder is controlling what they are allowed to do.
There are a number of security tools on the market today designed for the home that can identify devices looking to connect to the Internet through your Wi-Fi network. Many of them can be easily configured to provide them with access to your guest network, while restricting and monitoring the kind of traffic they are generating, the applications and home resources they are able to access, the amount of time they can be connected online, and the places on the Internet they are allowed to connect to.
Do your homework:
Before you buy a device that wants to connect to your network, ask some questions. Not every device that wants to connect to the network needs to. Do you really need to be able to look inside your refrigerator from the store? Does your coffee maker need to be able to order its own filters? What does a connected stove do?
Next, research these devices with an eye towards security. Are there known vulnerabilities? Many connected devices include vulnerable software or back doors that make them potential targets. And far too many of these devices cannot be hardened, patched, or updated. Can you add passwords? Can they be updated if a vulnerability is detected?
This sort of research is particularly important before you add connected home healthcare devices that monitor patients or regulate medicines.
Many organisations are implementing some sort of network segmentation strategy in order to protect their resources. Visitors and unauthorised devices are connected to a guest network. Critical resources, such as financial data, are isolated from the rest of the network. And sensitive communications are encrypted.
Homeowners can do many of the same things.
- Buy separate wireless access points to separate things like gaming systems and IoT devices from your PCs and laptops.
- Set up a wireless guest network for visitors or new devices. Most access points allow you to restrict access, set up things like firewalls, and monitor guest behaviour.
- To protect your critical resources, consider purchasing a separate, inexpensive device, such as a Chromebook, that is only used for things like online banking. You could also set up a separate virtual device on your laptop or PC for banking online.
- As much as possible, keep your work and personal devices separated. Set up a separate connection for work, only connect through a VPN tunnel, and consider encrypting sensitive data travelling back and forth between your home and corporate networks.
Home networks and devices tend to become infected because security is notoriously lax. Here are a few security tips for your home network.
- Keep a list of all the devices and critical applications on your network, including the manufacturer. Set up a weekly routine to check for updates for physical and virtual devices, operating systems, applications, and browsers. Of course, this is easier said than done. Browsers like Google allow you to set up automated searches that can alert you when news on a topic is found, or simply provide you with a daily email with discovered links.
- Get antivirus and anti-malware software, keep it updated, and run it regularly. But FIRST, do your research. A number of products pretending to be security tools are actually disguised malware. Also, remember that no software is 100% effective, so set up a regular schedule, say once a month, where you use a second or third security solution to scan your device or network. Many solutions provide a free online version or let you run a free demo for a period of time.
- Get a firewall. Most home security packages include a firewall option. Turn it on. Even the default settings are better than doing nothing.
- Use good password hygiene. Change your passwords every three to six months. Use an encrypted password locker to store passwords. Use different passwords for different kinds of things. Don’t mix your personal and work passwords. Increasingly, many social media and online services, such as Facebook, Yahoo, and Gmail, provide options for stronger authentication, including two-factor options.
- Here is a good tip for selecting a strong password. Think of a phrase or a song lyric or a line from a book or a poem. Use the first or second or last letter from each word to create a password string. Replace some of the letters with numbers and special characters.
- New services, such as LastPass have been developed to help manage all your passwords, and all you need to keep track of is a single master password. This technology will also automatically create strong random passwords for each application you need to access, and store them in an encrypted format.
For additional ideas and tips on protecting yourself and your network, review this checklist provided by the Online Trust Alliance. You can also use this link to see if you have an account that has been compromised by a data breach.
Given the rate at which technology is changing, you can no longer afford to simply load an antivirus tool onto your laptop and think you are going to be protected. As we begin to use and interconnect more and more devices, and blend our personal, social, and work lives, security is increasingly important. It is critical that you begin to develop a strategy now for learning, segmenting, and protecting your network, resources, data, and privacy.