How Home Networks and Smart Devices Change IT Threat Model


As remote working models become more widely accepted, the security of employees’ home networks, and of the devices connected to them, is becoming increasingly important to consider. This is especially true in organizations that need to continue supporting a large number of employees in remote working locations for the foreseeable future.

Home routers, printers, security systems, DVRs, gaming consoles and other smart devices can significantly change the threat model for the corporate network. This increases the need for organizations to pay close attention to the safety of home networks, smart-home products and other tools connected to them, analysts say. These devices change the business network threat model for the following reasons.

More malware infections

A recent study by BitSight found that home networks were more than seven times as likely as an office network to have five or more distinct types of malware. Twenty-five percent of smart-home products, PCs, printers, cameras and other devices on home networks were directly accessible over the internet; 45% of companies had a device accessing their network from a home network with malware on it.

This issue is exacerbated by the fact that many remote workers still use their own computers for work. A recent Morphisec survey showed that 49% of employees still use a personal laptop while working remotely. That number dropped a little from the 57% using personal laptops in 2020.


Easily accessible management interfaces

Home networks are fundamentally different from corporate networks, and thus carry risks that, while they can be present on a corporate network, are rarer there. Home routers and IoT devices have easily accessible management interfaces because of default or weak passwords. The router is likely exposing services, whether intentionally or unintentionally, that are not usually allowed by a corporate firewall.

Weaker Wi-Fi protection

Similarly, the home Wi-Fi network may not be protected as effectively as a corporate network against dangerous behavior by other users on the network. While it is still more of a theoretical risk, there are also general privacy or confidentiality concerns with the presence of virtual assistants such as Alexa and Google Home on home networks. Such devices can unintentionally pick up speech and business communications that an employee might be engaged in while working from home.

Increased scale and attack surface

The risks are not all entirely new. Organizations that have supported remote workers have had to deal with some of these issues for years. What’s different is the scale. A significant percentage of enterprises are predicting an increased scale of work from home on a permanent basis. The question then becomes: what does security look like if a significant portion of employees are not accessing corporate services from a company-owned network campus?

Security experts offer four tips on mitigating risks to enterprise security from home networks and smart-home devices:

Trust nothing; verify everything
Treat home networks and devices as untrusted, because they are inherently more vulnerable than a corporate environment.


Identify the security gaps
The security implications of supporting a handful of work-from-home employees are quite different from those of supporting anytime, anywhere computing at scale.

Protect employee endpoints
Ensure that any device that is being used to access the enterprise from a home network is protected against potential security threats from vulnerable smart-home products and other connected devices on the network.

Educate the employees
Employees working from home are often unaware of the potential risks of having vulnerable smart products and other buggy devices on the same network they use to log into the corporate environment.

Swapnil Mishra is a seasoned business news reporter with a passion for cybersecurity and IT security. After watching Edward Snowden's documentary "Citizen 4", Swapnil became fascinated with the importance of privacy not just for individuals but also for institutions, including countries as well as businesses. Since then, she has started writing about data privacy, threat hunting, risk assessment, and other important cybersecurity topics. In her articles, Swapnil focuses on the latest cybersecurity threats and trends, and she emphasizes the need for businesses and organizations to take a proactive approach to cybersecurity. She believes that cybersecurity is not just an IT issue, but a business issue that requires collaboration between different departments and stakeholders. Swapnil's reporting often highlights the potential consequences of cyber attacks, including financial losses, reputational damage, and legal repercussions. She stresses the importance of a comprehensive cybersecurity strategy that includes risk assessments, employee training, incident response plans, and continuous monitoring. She has a keen eye for detail and a knack for breaking down complex technical concepts into easy-to-understand language. When she's not writing about cybersecurity, Swapnil enjoys gardening, reading, traveling, and watching cat videos.