Improving Security Posture at Home: The Other Cyber Battleground


In today’s world of remote work, business trips, and home offices, cybercrime doesn’t just occur within the four walls of an office. Bad actors can strike at all hours and utilize any and every vulnerability to gain access to valuable networks and assets — no matter where the device may be or what the user may be using it for. 

For example, look at the May Cisco breach. A hacker was able to gain access to an employee’s personal Google email account (aka Gmail) and find passwords that were synced to Cisco’s web browser. After compromising the Google account, the hacker was able to get through the virtual private network (VPN), because the password was saved in the browser, and subsequently steal and leak Cisco data.

That’s a lot of access and damage from one email account. It also highlights how the walls between personal life and work life have blurred, and how cybersecurity needs to be taken seriously in both parts of your digital life. 

Eight Facets to Consider When it Comes to At-Home Cybersecurity 

Many employees, especially ones that work in the technology sector, work from home at least part of the work week. According to recent data, 58% of Americans can work from home at least one day a week, and 35% can work from home five days a week.

Having your laptop at home means you’re probably using it for more than just work. Maybe you’re sending out personal emails or watching videos at lunch. Maybe you bring it with you to a coffee shop or stream videos on it while on a flight. If your device is outside the office, then your cybersecurity hygiene needs to extend outside the office as well.  

Here are eight things to consider when it comes to at-home cybersecurity: 

1. Utilizing VPNs at home, in coffee shops, or anywhere that isn’t the office.

If you like to work from your neighborhood coffee shop, the local brewery, or while on a road trip, using a VPN protects all those valuable files on your computer. A VPN, in short, encrypts your internet traffic and offers a protected connection that can’t be seen or used by anyone else on the network. It’s essential if you’re using public Wi-Fi.

2. Be careful when utilizing public Wi-Fi.

Public Wi-Fi doesn’t have the same protections or limitations as your personal network. Cybercriminals can take advantage of this access to conduct man-in-the-middle attacks. In these attacks, the bad actor digitally positions themselves between you and the server (via the public Wi-Fi access) and captures your traffic. If you do use public Wi-Fi, remember to use a VPN, or only access data that isn’t sensitive or valuable. For example, don’t start looking at your bank account or company credentials while on public Wi-Fi.

3. Employ multi-factor authentication (MFA) for personal accounts.

You’ve probably seen a pop-up on your email account, your banking account, or other personal log-in pages asking if you want to employ MFA. The answer is yes. Whether it’s your personal email, financial information, or just your YouTube account, protecting access is critical. As the example above highlights, it only takes one compromised access point to create a lot of damage, even if that access point isn’t directly connected to your employer.

4. Don’t use the same password for every login.

For your work email and other work-related accounts, the password requirements may be complicated or even change every few months. Your personal accounts should have the same stringency.

With the Cisco breach, the hacker was able to hack a personal email, and while it’s not known how that occurred, the simpler the password, the easier it is to hack. It could also give the bad actor broader access if that hacked password is your default for every login across the internet. Credential theft is on the rise, so all users should assume that at least one of their logins is floating around the dark web and do what they can to better protect their credentials.

5. Secure your physical devices.

We lose our phones, it happens. So, make sure your phone is password protected and contains as little information about your work (or personal) data as possible. The same goes for your personal laptop. If you’re traveling, always keep your physical devices on your person, utilize hotel safes, and don’t leave your laptop or phone unattended at a coffee shop. If you must step away from your device, make sure there’s a password or other lock system in place to prevent anyone from gaining access.

6. Don’t overshare on social media.

A cybercriminal only needs a few pieces of information to bypass the security questions on your online bank account. Your date of birth works. So does the name of your pet or the name of your hometown high school. Those details can be found on your social media profile if you keep yours public. It’s important to know what information you’re putting out onto the internet, and how that information may be used against you. Keep your social media profiles restricted, don’t overshare, and never post a photo with valuable data in the background.

7. Remember that social engineering attacks can happen at home.

Bad actors don’t operate from 9AM to 5PM. They attack at all hours, and they may utilize your personal accounts to try to gain access to your (or your employer’s) valuable assets. Phishing on your personal email account, MFA fatigue attacks at odd hours, or even requests through social media are all tactics cybercriminals use. You need to be on alert and educate those who live with you about the risks of social engineering attacks.

8. Keep all your personal software updated.

Updates help patch security flaws and prevent zero-day attacks on your personal devices and software. In addition, updated software prevents viruses from entering your device, which can then be passed on to other devices. If a virus gets in through personal software and you also have work software installed, the virus can spread to your company. 

If your company offers a form of security awareness training, all those lessons can be applied to your personal digital life as well. Good cyber hygiene isn’t just for the office or your work accounts, it’s for your entire digital footprint, and consistently good hygiene keeps you safe and secure. 

Learn more about how cybercriminals are operating and what they’re after with “State of Cybersecurity: 2022 Trends.”

Better understand how security awareness training can improve security posture with “5 Pillars of a Powerful Security Awareness Program.”

Britt Serra


Britt Serra is a Product Marketing Manager at Arctic Wolf, where she specializes in cloud security and IaaS/SaaS integrations. She has extensive experience with cloud products and building successful technology partnership programs. Britt is passionate about empowering organizations to take control of their security and fight back against cybersecurity threats.