Sam Stelfox

Smart home cybersecurity news: Work From Home edition [March 2020]

In light of the global remote working movement taking place as a result of COVID-19, this month's smart home cybersecurity news roundup focuses on the new vulnerabilities introduced by working from home.

Smart home cybersecurity: Woman working from home on laptop

In the middle of March, we saw major tech companies including Facebook, Google, Twitter, and Amazon take a stance and implement remote working policies for their employees. Today, thousands of businesses have followed suit as states throughout the country impose lockdown procedures.

As a result, companies are having to quickly restructure their workplace dynamics, communication methods, employee resources, and— if not more importantly— their security protocols.

Some of the latest headlines highlight this need for revamped measures:

The gist is, work from home is effectively widening the home's existing attack surface while putting the previously internal corporate network at risk.

"The danger posed by these threats has been exacerbated by new requirements for "social distancing" and the resulting push by many organizations to widen or implement telework capabilities for their workforce. The sudden COVID-19-related surge in the use of videoconferencing, remote access, and VPN services — especially at organizations that have not used them before — is giving attackers more targets to go after and defenders a lot more terrain to protect." [DarkReading]

We explain a breakdown of what exactly the security implications are in this blog, which I'll summarize below:

Homes aren't equipped with corporate-grade network security

And at the same time, homes are already a top target for hackers. The attack surface here is constantly growing as more devices are connected and as new exploits are discovered in the home's router itself:

The risk of attack becomes tenfold as the corporate network now operates from inside of the home. If an employee's home network or device has a vulnerability that's been exploited, now whichever corporate systems and files they access are at risk for compromise—  even if they are using a VPN.

Plus as highlighted in a headline above, those working from home are now at even more risk as hackers leverage COVID-19 as a means for attack:

According to Check Point, more than 16,000 new Coronavirus-related domains have been registered since January. More than 2,200 of them are suspicious and another 93 are being used to serve malware. [DarkReading]

Of course, these are unprecedented times where organizations had to act quickly and not necessarily vet the setup of their employees' home networks first. Now, employers must work with their remote employees to ensure they are operating in a secure home work environment.

Guidelines put forth by the UK National Cyber Security Centre and Department of Homeland Security's cybersecurity agency are a great place to start. In the long-run however, more tools are likely to be needed. You can learn more about how Minim is providing help here.

Past smart home cybersecurity news roundups:

Like this blog?

Subscribe to our newsletter.