Nonprofit Center for Internet Security, Inc. Suggests Five Ways Teleworkers Can Improve Their Cyber Defenses
EAST GREENBUSH, N.Y., Mar. 17, 2020 – The COVID-19 (coronavirus) pandemic is prompting more companies to allow their employees to work from home or telecommute. But home IT devices are still subject to many of the same threats as on-site business devices. Unsecured off-site routers, modems, and other network devices can cause big headaches for employers. “Poorly configured home devices can negatively affect entire organizations,” said Curtis Dukes, CIS Executive Vice President of Security Best Practices & Automation Group. “They can be attacked from any device on the internet, and they are also vulnerable to unauthorized access from neighbors and passersby.”
The CIS Telework and Small Office Network Security Guide helps combat security concerns affecting network equipment meant for personal or home office use. The guide can be downloaded at no cost at https://www.cisecurity.org/blog/5-network-security-remedies-for-telework/. It covers the entire lifecycle of home network equipment usage, including initial purchase, configuration, and safe disposal. It also provides an easy checklist that can be completed by employees to assess their networks, and returned to their IT department for review.
Here are some suggestions teleworkers can implement now to improve their cybersecurity:
- Practice smart password management and enable two-factor authentication (2FA). This applies to logins for the router/modem administrative interface, the Internet Service Provider (ISP) web portal, or a mobile app used for home network management. Anyone with access to these platforms can also access sensitive information traversing the home network and modify critical security settings within the network.
- Enable automatic updates for all routers and modems. Software updates are extremely important as new security flaws are constantly discovered. Simply installing updates from the device manufacturer mitigates many of these problems. This is best accomplished by enabling “auto-update” on the device’s administration page.
- Turn off WPS and UPnP. Wireless Protected Setup (WPS) was initially designed as a user-friendly method for new devices to connect to a WiFi network. Unfortunately, it’s been found to allow attackers to connect to WiFi networks without permission. Universal Plug and Play (UPnP) is a network protocol suite that allows devices on a network to easily communicate, but it has been found to contain numerous and severe security flaws. Getting these two settings correct can have a large positive impact on home network security.
- Turn on WPA2 or WPA3. Old and ineffective types of cryptography plague older network devices. Ensuring strong forms of cryptography are in use within home networks can thwart others from viewing sensitive information without authorization. At a minimum, configure WPA2 for home use.
- Configure the router/modem firewall. Firewalls help prevent malicious network traffic attempting to enter a network from reaching specific devices. Firewalls generally come built into most home routers, but they must be properly enabled.
The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments. We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously refine these standards to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the cybersecurity needs of U.S. elections offices. To learn more, visit CISecurity.org or follow us on Twitter: @CISecurity.