How Home Networks and Smart Devices Change IT Threat Model


As remote working models become more widely accepted, the security of employees' home networks and the devices connected to them is becoming increasingly important to consider. This is especially true in organizations that need to continue supporting a large number of employees in remote working locations for the foreseeable future.

This shift increases the need for organizations to pay close attention to the safety of home networks, smart-home products and other tools connected to them, analysts say. Home routers, printers, security systems, DVRs, gaming consoles and other smart devices can significantly change the threat model for the corporate network for the following reasons.

More malware infections

A recent study by BitSight found that home networks were more than seven times as likely as an office network to have five or more distinct types of malware. Twenty-five percent of smart-home products, PCs, printers, cameras and other devices on home networks were directly accessible over the internet; 45% of companies had a device accessing their network from a home network with malware on it.

This issue is exacerbated by the fact that many remote workers still use their own computers for work. A recent Morphisec survey showed that 49% of employees still use a personal laptop while working remotely. That number dropped a little from the 57% using personal laptops in 2020.

Easily accessible management interfaces

Home networks are fundamentally different from corporate networks and carry risks that, while they can be present on a corporate network, are rarer there. One example is home routers and IoT devices whose management interfaces are easily accessible because of default or weak passwords. The router is also likely to be exposing services, whether intentionally or unintentionally, that are not usually allowed by a corporate firewall.

Weaker Wi-Fi protection

Similarly, the home Wi-Fi network may not be protected as effectively as a corporate network against dangerous behavior by other users on the network. While it is still more of a theoretical risk, there are also general privacy or confidentiality concerns with the presence of virtual assistants such as Alexa and Google Home on home networks. Such devices can unintentionally pick up speech and business communications that an employee might be engaged in while working from home.

Increased scale and attack surface

The risks are not entirely new. Organizations that have supported remote workers have had to deal with some of these issues for years. What's different is the scale. A significant percentage of enterprises are predicting an increased scale of work from home on a permanent basis. The question then becomes: what does security look like if a significant portion of employees are not accessing corporate services from a company-owned campus network?

Security experts offer four tips on mitigating risks to enterprise security from home networks and smart-home devices:

Trust nothing; verify everything
Treat home networks and devices as untrusted, because they are inherently more vulnerable than a corporate environment.

Identify the security gaps
The security implications of supporting a handful of work-from-home employees are quite different from those of supporting anytime, anywhere computing at scale.

Protect employee endpoints
Ensure that any device that is being used to access the enterprise from a home network is protected against potential security threats from vulnerable smart-home products and other connected devices on the network.

Educate the employees
Employees working from home are often unaware of the potential risks of having vulnerable smart products and other buggy devices on the same network they use to log into the corporate environment.