Cybersecurity home defense: how to secure your WFH network
Nearly ten years ago, the workforce saw the popularity of the Bring Your Own Device or BYOD trend rise in the workplace—significantly enough that 70% of businesses have developed BYOD policies. On top of this, the app explosion of 2013 led to the need for businesses to further manage this additional onslaught of data.
Further down the timeline, businesses began to take responsibility for and manage these processes and policies around Next-Gen Firewalls (NGF) in an attempt to identify threats to their networks.
In the last few years, and accelerated by COVID-19, people are increasingly working from home. At the same time, smart home device adoption has skyrocketed, and with that, the increase in home IoT security threats. We have now surpassed the era of BYOD and have entered into the era of Bring Your Own Network™.
Securing home networks can be tough without a standard, however, and every home requires a different approach. Here, we’ll outline the top risks to WFH employee networks and common strategies, including VPN and endpoint security (or antivirus software). What’s more, we’ll give you the lowdown on what’s really needed.
Endpoint security can protect PCs and mobile devices, but that’s just the start
Whether a work laptop lives in a home or office, businesses now find the need to prevent malware and/or eradicate the device from infection. This is where endpoint security comes in.
Endpoint security, in essence, focuses on personal computers and phones, that have the capability to run antivirus software. These devices, or endpoints, are entry points that a hacker can exploit and use to compromise a network. Security systems specially crafted for endpoint security can protect a network from compromisation by these devices.
Advanced endpoint security is typically backed by cloud-driven updates and intelligence, working in tandem with the downloaded software on the protected devices. Typically, good endpoint security plans will include these components:
- Machine learning to detect zero-day threats in real-time
- Advanced anti-malware and antivirus protection
- Proactive web security to ensure safe browsing on the web
- Data loss prevention and encryption
- Integrated firewalls to block hostile network attacks
- Email gateways to prevent phishing and social engineering attempts targeting employees
- Insider threat protection to safeguard against both unintentional and malicious actions
Utilizing an endpoint visibility tool, commonly referred to as Endpoint Detection and Response or Endpoint Threat Detection, can allow IT teams to view the number of endpoints that need protection. Businesses that operate at a larger scale will find the number of endpoints that need securing in the hundreds or even thousands.
The drawbacks of endpoint security
Often, business IT leadership believes that implementing an endpoint security plan alone will be enough to protect their data. This is not the case, especially in the home environment.
The key drawback to endpoint security is that the software can’t be installed on every consumer router, smart TV, speaker, tablet, mobile device, and more.
Many connected home devices are inherently unable to allow third-party software to be installed, leaving the home network open for snooping (e.g. at the router level) as well as lateral attacks on work devices from compromised personal IoT devices. In the case of a router hack, the business IT would have zero visibility as to what is happening. This requires additional layers of security on top of an endpoint security plan.
Using a VPN as an additional layer of security
When endpoint security isn’t enough, implementing a VPN to access the corporate network through employee home networks can help. As sensitive information is accessed from the company’s system, it’s important that data isn’t left floating around unencrypted on an unsecured WiFi network where it could be intercepted. VPNs, or Virtual Private Networks, provide a secure tunnel for employees to access sensitive company data.
A tech-savvy home might attempt to set up a VPN to funnel all traffic from the home router. In this case, there are some significant adoption hurdles for VPN service in the home—most notably that the connected devices must be able to function with a VPN enabled, which is not always the case. Additional layers of protection such as antivirus software and firewalls should be enabled on the employee’s home router as well.
Layers of security and a Defense-in-Depth strategy
Unfortunately, no single solution can successfully protect against all threats. Businesses must develop Defense-in-Depth strategies, applying a proactive approach to securing the network from the inside out.
A Defense-in-Depth plan is the deployment of a series of defensive mechanisms that are layered throughout a network—which now includes the distributed WFH networks—to protect valuable data and information. This multi-layer approach to security uses redundancy so that an attack can be thwarted by several layers even if it’s able to make its way through one.
There are an infinite amount of configurations for DiD strategies since each plan must uniquely address the system it’s meant to protect; however, having a general outline to base your company’s Defense-in-Depth strategy on is beneficial.
Below is an example of an onion of DiD tools spanning four recommended layers: antivirus, firewalls, WLAN / SD-WAN, and VPNs.
Introducing Minim, the first Bring Your Own Network™ solution
Configuring WFH employee networks is difficult, time-consuming, and can leave a company’s network compromised if done incorrectly. Minim can be the perfect solution for your company’s needs.
Minim WiFi systems stream home network telemetry to its cloud, which performs AI-driven analyses to manage and secure all things. A new layer of defense for the network, Minim complements already-existing VPNs and endpoint security solutions. It provides the ability to mitigate problems with WFH networks and uses advanced AI and machine learning to detect anomalous behavior, stopping and preventing threats before they happen.
Minim provides advanced, infrastructure-grade cybersecurity while keeping customer identity and data confidential, and protects unwanted devices from joining WiFi networks that could leave WFH networks vulnerable. Minim automatically protects the router itself from attacks, misconfiguration, and compromisation. It’s perfect both for large-scale and small-scale businesses, too.
Minim’s Bring Your Own Network™ solution
Minim brings the power of a Defense-in-Depth strategy packaged into one powerful plan:
- Minim score provides a proprietary network health assessment by monitoring device performance and security.
- AI security provides real-time scanning and protection against router attacks, ransomware, network intrusions, trojans, botnets, worms, spyware, known exploits, and SSID spoofing.
- Device profiles allow the employee to create a profile for a group of devices and set schedules on internet access— allowing for prioritization of bandwidth for productivity devices.
- Network topology displays each Minim router, the devices connected to it, and their signal strengths.
- Whole home coverage allows the employee to place as many Minim mesh routers needed to cover their home, eliminating dead spots.
Distributed IT support
Remote workers can plug a Minim router into their existing home network and connect productivity devices to a brand new network that’s co-managed by employers.
With the power of Minim’s mobile and web apps, both employers and employees can view vital statistics such as device signal strength, speeds, and usage, and can benefit from automated optimizations.
Our intelligent AI-driven platform monitors device behavior to detect and block threats before they become problems. Say goodbye to router attacks, ransomware, network intrusions, trojans, botnets, worms, spyware, known exploits, and SSID spoofing, and say hello to Minim.
Get in contact with us today to find out more about how Minim can be the right fit for you!