By Daniel Watson, Cybersecurity author and consultant
New Zealand's latest Covid.19 lockdown is a timely reminder to SMBs that pandemic disruption has a way to go yet, which means it is time to move beyond the casual approach to work-from-home arrangements because it is a serious cybersecurity risk to businesses.
In a nutshell, sharing home WIFI with family members is problematic.
For example, it is not unusual for teenagers in the home to download, stream and play games that could create a backdoor for cybercriminals to access your confidential company and customer data.
A shared home WIFI network is logically on the same network as the rest of the family. It is not unusual for teenagers to download content, play games or stream live content from dodgy sites like pirated TV platform CouchTuner.
Dodgy sites are riddled with trojan software, which will use the family WIFI as a steppingstone to affect other devices on the network. It opens a backdoor for data theft and ransomware.
If you are a business leader or SMB owner, you may want to start thinking long-term about securing your staff's homeworking arrangements because cybercriminals see New Zealand as a 'soft touch'.
- Ensure your team's home PCs are secure
Secure your staff’s buy-in and then finance the installation of good anti-malware on all of your team's home computers.
Encourage your people to have a conversation with their children and others in the household about what sites are not appropriate and the high risks – not to mention illegality – of accessing pirated content.
- Where possible segregate networks
Where possible, particularly when it comes to managers and C-Suite executives who have greater access to confidential information, it is worth investing in equipment that protects the network.
If you are able, install an additional router in the home to separate company devices from the home network.
- Educate your team
Implement a cybersecurity awareness training programme to make your staff aware of threats to themselves and the company when working on the home network.
The training programme should cover permissible security arrangements for the home, including company policies and minimum standards.
I would follow this up by removing 'local administrator rights' from staff machines because there should not be many occasions where staff need to install new software on a work computer.
It may be inconvenient, but it protects your company – and your staff – from the increasing number of cybersecurity threats we are currently confronting.