CyberCube - Cyber Insurance Analytics

Tips to help create a secure working from home environment

Written by Alejandro Sauter | Jun 4, 2020 11:00:12 AM

Many of us have shifted our usual office workspace to a work from home setting in the past weeks and it has become clear that it may remain this way for some more time. Now that most of us are settled into our new workspaces, it is a good time to start looking for some security improvements which can help secure not only your workspace but also your home network in general.

CyberCube’s mission is to deliver the world's leading cyber risk analytics. We enable society to make better decisions about which digital risks to avoid, mitigate or insure as internet-connected technologies change the nature of risk in the 21st century. As a cyber analyst, I’ve spent most of my career looking at cyber security vulnerabilities. Here are some of my suggestions to help improve security, given the shift to a home-working environment.

The list below is not intended to be a laundry list; its items carry different degrees of difficulty for technical and non-technical users to implement, and it cannot possibly consider all the individual circumstances that come into play when working from home. However, I hope it will help people think about what is in their power, to be more conscious in general about secure practices, and to be proactive in their home environments.

There is also no need to take on the burden of doing everything at once. While quick adoption is best, doing at least one of these action points is better than doing nothing, and implementing them over time is one way to get to the finish line without being overburdened. Finally, in most cases, defending against an attack is not about having the best defenses ever, but about providing enough barriers/deterrents to an attacker so they focus on the next (and easier) target. Proactive steps you can take include:

1. Secure your access point (i.e. your modem and/or router(s))

    • Change defaults on network SSIDs (i.e. network name) and passwords (you can also verify whether it's WPA2 or another standard)
    • Change defaults on modem/router administration credentials (usually displayed on a sticker on the side). The modem/router address is usually 192.168.0.1 or 192.168.1.1 (this can vary by manufacturer, so make sure you check the modem sticker)
      • This is also where you can apply modem/router patches
      • The modem/router address can also be found using a command prompt (on Windows: run “cmd”, type “ipconfig”, and look for the “Default Gateway” field)
    • If you are able, verify that devices connected to your modem/router (typically found in the modem/router administration page) are expected
      • This can get tricky as device names (i.e. “My Laptop”) don’t always populate and we end up with an IP address and a MAC address
      • Don’t be discouraged: the MAC address can typically point you to the vendor of the device (a useful site is https://www.wireshark.org/tools/oui-lookup.html; simply enter the MAC under “OUI search” and hit “Find”). For example, a search might return Nintendo and you may have a Nintendo Switch on your network

2. Device encryption can be important, but guidelines will differ between Windows, macOS and iOS

3. VPNs are important to secure work traffic. Make sure you have a strong, unique password for yours as well, and if not, consider changing it with an administrator

4. Keep an eye out for regular threats such as phishing attacks (double check!) and USBs (don’t use them, with the exception of USB-based physical tokens such as Yubikeys)

5. If it’s in your power, try to make backups of at least mission critical data/documents, if not more, but depending on your individual circumstances, this might not be possible

6. Developing contingency plans - even if you’re not at a level to develop plans for your company or department, just knowing what to do individually if things go wrong can make a major difference. (E.g. I clicked on a phishing link or downloaded a malicious file - what do I do now? Who do I contact? What information do I need to provide to make others’ response easier?)

7. Changing all default passwords to something unique and strong
    • Recommending use of a password manager to keep track of unique and strong passwords
    • Unique passwords help defend against attacks based on credential re-use (i.e. shared passwords across accounts are poor security, especially when a majority of services work off an email address being the username, which narrows down the fields an attacker must get right)
    • Don’t forget about IoT devices - for some, it can get tricky or difficult to verify if they use passwords and can be hard to change them, so an alternative here sometimes is to place them in a separate subnet (which can also be challenging for certain users, unfortunately)

8. Patch all computers, routers, and other devices (i.e. IoT devices) on the network. Computers can often be patched with ease since operating systems tend to facilitate/automate the process, but routers and IoT devices are often forgotten for updates

9. Review endpoint protection on laptop/desktop computers. We can find decent protection even for free: do some research on these and find out which one is best suited for your case

10. Identify high-risk systems/accounts and set 2FA/MFA on them - the more services you cover, the better
    • With this, also consider enabling certain security alerts in high-value accounts, such as email and banking, so as not to miss notifications

11. Some users may want to implement different subnets at home to separate work and personal networks, but this will require some degree of technical work

12. Changing DNS settings can help mitigate some attacks, for example by using Cloudflare’s 1.1.1.2 and 1.1.1.3, which block malware and malware+adult sites respectively at the DNS level, based on domains Cloudflare has identified as belonging to these categories
    • AdBlockers can help here too while also making web browsing less cumbersome
    • Additional projects block ads as well as known resources which are loaded as part of malicious campaigns (a good project is here: https://github.com/StevenBlack/hosts) but can require additional technical knowledge, so do what you can.
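
For the device check in step 1, this added example (not part of the original post) parses Windows `arp -a` output, which lists the IP and MAC addresses your computer has seen on the local network, and extracts the OUI prefix to enter in the lookup tool. The sample output, the `EXPECTED` inventory and the function names are constructed for illustration.

```python
import re
# Constructed sample of Windows `arp -a` output; every address is made up.
SAMPLE_ARP = """\
Interface: 192.168.1.23 --- 0x7
  Internet Address      Physical Address      Type
  192.168.1.1           a4-2b-8c-11-22-33     dynamic
  192.168.1.40          58-ef-68-aa-bb-cc     dynamic
  192.168.1.57          da-a1-19-01-02-03     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Hypothetical inventory of the devices you expect, keyed by MAC address.
EXPECTED = {"A4:2B:8C:11:22:33": "home router"}

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return one dict per unicast neighbour listed in `arp -a` output."""
    devices = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header or blank line
        ip, mac = m.group(1), m.group(2).upper().replace("-", ":")
        first_octet = int(mac[:2], 16)
        if first_octet & 0x01:
            continue  # group bit set: broadcast/multicast, not a device
        devices.append({
            "ip": ip,
            "mac": mac,
            "oui": mac[:8],  # first three octets, the part the lookup uses
            # Locally administered bit: usually a randomized "private" MAC.
            "randomized": bool(first_octet & 0x02),
            "label": EXPECTED.get(mac),
        })
    return devices

def unexpected(devices):
    """Devices that are not in the inventory and need a closer look."""
    return [d for d in devices if d["label"] is None]

if __name__ == "__main__":
    for d in unexpected(parse_arp(SAMPLE_ARP)):
        hint = "randomized MAC" if d["randomized"] else "look up " + d["oui"]
        print(d["ip"], d["mac"], hint)
```

A device flagged as randomized will not resolve to its real vendor in an OUI lookup, so identify it from the device's own network settings instead. The ARP table only holds devices your computer has recently exchanged traffic with, so the router's administration page remains the fuller list.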

As you read and/or work through the list, you’ll find that some of these items are out of your reach. Doing some web searches or asking for help from your company may address some of these barriers, but some of these may still remain challenging. Don’t despair and just try to do your best with this list, as even doing a few of these will leave you in a better position than you were yesterday.

In some cases, your company may have already implemented some measures, given you instructions, or sent you equipment, in which case follow company guidelines but recognize that some items (for example, unique passwords) will always be within your own power and responsibility. Remember security is a journey and every step helps you get farther from an attacker. Most measures will enable you to create a secure home workspace and can also secure your home network in general.