The average home in North America now has 13 connected devices. And that number is expected to increase exponentially. Smart TVs, connected appliances, online fitness devices, entertainment and gaming systems, smart cars, connected water and power meters, climate control systems and online home security systems are all available. Many home networks also include things like wireless medical devices, and tools designed to track and monitor children or elderly family members.
All of these devices are being connected to the Internet through a home WiFi system, or increasingly, a Home Area Network (HAN) combined with Network-Attached Storage (NAS) and cloud-based applications that are accessible from any device in any location. And we are now starting to see interconnectivity being developed between these devices, as well as connectivity to other systems and networks to enable information and entertainment sharing with friends and family, or data collection by device manufacturers and service or utility providers.
And as the number of remote workers able to work from home increases, your corporate offices are being regularly linked to these hyperconnected and often poorly secured home networks. The implications are significant.
Some companies are stepping up and offering user awareness training programs for remote workers, especially for employees with access to sensitive data. But learning how to avoid phishing and social engineering attacks does not address the relatively new problem of hyperconnected home networks.
As our work and social networks expand into the home, and the potential threat footprint in our homes continues to grow, it is critical that we take a fresh look at how we are protecting ourselves from the growing number of networks we interact with. Our personal, financial and medical information, as well as our work assets are all at risk from increasingly sophisticated malware and financially motivated cybercriminals.
For the enterprise, we recommend a three phase approach to security based around learning what is on your network, dividing the network into separated segments, and then implementing appropriate security that provides critical protections without compromising functionality and interoperability. Of course, large organizations have financial and technical resources that most homeowners cannot duplicate. But there are strategies and techniques that individuals can borrow from enterprises to secure their increasingly complex and sophisticated home networks.
1. Learn (discover)
Information is critical to a security strategy.
Know what is on your network:
With the increasing number of portable IoT and other devices being installed or used by family members and friends visiting your home, it may be difficult to know exactly what is on your home network at any given time. Even harder is controlling what they are allowed to do.
There are a number of security tools on the market today designed for the home that can identify devices looking to connect to the Internet through your WiFi network. Many of them can be easily configured to provide them with access to your guest network, while restricting and monitoring the kind of traffic they are generating, the applications and home resources they are able to access, the amount of time they can be connected online, and the places on the Internet they are allowed to connect to.
Do your homework:
Before you buy a device that wants to connect to your network, ask some questions. Not every device that wants to connect to the network needs to. Do you really need to be able to look inside your refrigerator from the store? Does your coffee maker need to be able to order its own filters? What does a connected stove do?
Next, research these devices with an eye towards security. Are there known vulnerabilities? Many connected devices include vulnerable software or back doors that make them potential targets. And far too many of these devices cannot be hardened, patched, or updated. Can you add passwords? Can they be updated if a vulnerability is detected?
This sort of research is particularly important before you add connected home healthcare devices that monitor patients or regulate medicines.
Many organizations are implementing some sort of network segmentation strategy in order to protect their resources. Visitors and unauthorized devices are connected to a guest network. Critical resources, such as financial data, are isolated from the rest of the network. And sensitive communications are encrypted.
Homeowners can do many of the same things.
Home networks and devices tend to become infected because security is notoriously lax. Here are a few security tips for your home network.
For additional ideas and tips on protecting yourself and your network, review this checklist provided by the Online Trust Alliance. You can also use this link to see if you have an account that has been compromised by a data breach.
Given the rate at which technology is changing, you can no longer afford to simply load an antivirus tool onto your laptop and think you are going to be protected. As we begin to use and interconnect more and more devices, and blend our personal, social, and work lives, security is increasingly important. It is critical that you begin to develop a strategy now for learning, segmenting, and protecting your network, resources, data, and privacy.
*This article was originally published in The Huffington Post.