Your Smart House - Protect InfoSec at Home!
Why did I write this? This article is NOT a presentation of theory.. nor do I take a lot of time to build upon my technical position. Instead, I’m very concerned and want to offer my colleagues here some practical Info Sec considerations. Please take a moment to protect yourself, your data, your business communications and financial transactions at home by considering and acting upon the following.
"We can longer assume our home network is secure. If you are in healthcare, finance / accounting, engineering or software design please take a moment to read this carefully."
Our children are on smartphones, visitors request the “guest Wi-Fi password” (we call it “Wee-fee” in our home) and now smart TVs, gaming systems, VOIP phones and Wi-Fi enabled speakers (to name a few) need more access. This requires greater attention and consideration toward information security at home!
Let’s call out the obvious. Developing good Info-Sec awareness are critical “manners” for work-at-home professionals and anyone wanting to protect their valuable information so let's discuss our advanced tech and how to address it home.
Our Advanced Tech and How to Address It.
Non-Essential Devices Should Be Segmented
This is very important! I cannot stress this enough. I recommend the following devices NOT be on the same “network” actively used for your business, personal finance or anything frankly you don’t want potential attackers to see. The wireless and network traffic should be on a different segment. I'll explain more later.
I personally group the following devices on their own internal network and I recommend the same for any data conscious colleague. These devices cannot connect or “see” any business computers, devices or communications. Very important!
Smart TV’s
Wireless Home Speakers
Guest WIFI access
WIFI for children (smart phones or tablets)
Gaming Systems (XBOX, PlayStation, etc.)
I also add non-critical VOIP phones in this group
Children / Guest physical computers
Critical Devices For Business Should Be Independent
I like to group the last into its own network category due to the newness and developing nature of the technology. It relates to home security, appliance management, solar panels and electric cars.
Depending on your personal “estate” you may have the need to segment your home security system by itself but I don’t have a mansion with million-dollar art hanging in the foyer. (We keep the high dollar art in the kids bedrooms. Grin.) For most of my colleagues one group for these devices would be sufficient.
Electric Car management / smart cars.
Home Appliance monitoring / management (e.g. Temperature control, appliance alerts, etc.)
Home lighting control
Worthy to mention here: Restricting what communications come in and go out of your home may become an important consideration depending on your specific needs and items to protect. Ask your professional.
3 Basic InfoSec Standards as a Foundation
The following are the basics that we should already have in place but I’ll include just in case you are one of those thinking “…it won’t happen to me”.
Use antivirus software on all your personal devices—including your smartphone—and always keep it up-to-date. This is important for Mac users, too. For phones > consider Lookout for both Android devices and iPhones. On Windows based phones, you have even more security options. Not all anti-virus programs are the same..so do a bit of research.
Turn on automatic patching to keep your software up-to-date. That way you can benefit from the information security efforts of software vendors. Many, if not most, attacks target vulnerabilities in outdated software versions and thus can be thwarted by patching.
“Think before you click” on links and attachments! Phishing emails still represent a significant entry point for malware, virus and overall social engineering. See VERIZON REPORT for more information.
Lastly, if you installed a one-stop powerful Wi-fi with “firewall built it” -- most likely its not enough. See above for more information.
How Do We Get Started?
If this seems overwhelming then please hire a professional. We can no longer go to the local B3stBuck -- pick out our wireless router and assume “we’re good”. One device CAN do all of this if purchased and configured correctly but they are not sold at B#stBuck or W@llcart. (Personally - We have two wireless routers in addition to the Fortigate device mentioned below.)
There are a number of devices out there but my professional favorite would be the Fortinet UTM appliance (Next generation Firewall – 60D thru 90D is sufficient for the home office).
You will most likely need a professional to configure it correctly but it is totally worth the effort and peace of mind.
She/he can configure it with automatic email / text messages if there are critical alerts detected (e.g. child downloads an app on their smart phone and it is maliciously exploring the network.) This has happened to us!
Offers another layer of virus / malware protection. For example, it can block websites known for malicious activity.
These devices typically have much faster content control for the family should you wish to restrict web content. Notable content to block: malicious websites, phishing websites, adult material, bandwidth consuming sites, etc.
Brief BIO: Steve has a Master's Degree in Information Sciences | Cyber security and Assurance from the College of Information Sciences and Technology at Pennsylvania State University. In addition, he maintains certifications related to Microsoft systems / network management; CISSP (Certified Information Systems Security Professional); CISM (Certified Information Security Manager) and CISA (Certified Information Systems Auditor). Steve is also a certified Lead Implementer for the ISO/IEC 27001 Information Security framework and Lead Risk Manager for ISO/IEC 27005.
