Why your home network is not the safest place to work from

Home networks are vulnerable

There are a number of reasons why the wireless networks used in our homes tend to be at risk of intrusion. This is incredibly dangerous as any potential unwanted party that has gained access to your network can intercept or access all unsecured web traffic within the network.

Firstly, home network users do not usually monitor the users who have gained access to the network. This is the result of the assumption that no external intruder will either have the ability or the desire to do so, but this is an incredibly naive mindset to have if you wish to remain secure.

Moreover, the standard routers we are being provided by Internet Service Providers (ISPs) are geared towards affordability and low cost rather than security. An ISE report in 2014 found that several popular routers from companies such as Linksys, Belkin and Netgear had vulnerabilities that could be exploited by either local or remote malicious entities.

Stock routers also come protected by default passwords, which if left unchanged, can expose you to security violations on both the manufacturer’s and the ISP’s side of things. Put more simply, should the manufacturer be hacked and their default password database is compromised then so is your device. However, even in cases where users change to a custom password, their replacement passwords aren’t generally strong enough to thwart intruders.

More crucially, unlike other devices that you may have at home, stock routers are bereft of the ability to receive automatic updates. The manufacturer may release subsequent patches to resolve these issues but home users are not likely to bother updating them, exposing themselves to hackers and other entities which will have had ample time to find every conceivable vulnerability on the device.

Separating personal and professional data is easier said than done

While IT administrators can take a number of measures to prevent company employees from transferring data from work devices to personal devices, it is practically impossible to negate the mixing of the two ecosystems entirely.

For example, while a workstation may have its USB drives disabled to prevent users from copying data to a flash drive for any reason, benign or malicious, laptops may or may not go through the same process. After all, disabling a laptop’s drives may hinder productivity in some cases.

Moreover, if the organisation uses cloud-based storage, a user can simply download a work document on their home device so that they can work on it from home. If their personal device or home network are compromised, a malicious entity will have gained access to both their personal data as well as any locally-stored professional data.

Also, with the proliferation of remote working and the return to the pre-pandemic life-work balance, users have found it increasingly difficult to differentiate between their personal and professional sessions on their devices. This may result in dropping down their guard when it comes to personal privacy and cybersecurity in general. In other words, users would be particularly vigilant when working at the office on a strictly work-related device, while their online behaviour may become more lax when working at home.

Not enough hardware for home use

Companies who have enforced a Bring Your Own Device (BYOD) policy have grown in number over the past few years, mainly due to the obvious cost-related benefits in not having to pay for additional devices or software licenses.

In 2019, Forbes reported that the BYOD market is estimated to be worth $367 billion by 2022, while Cisco has found that organisations which implement this policy save about $350 per employee on an annual basis. Moreover, Frost & Sullivan have found that employees who use their own devices save about 58 minutes per day and thus enjoy a notable productivity gain.

Despite the aforementioned benefits, BYOD entails a number of risks, including malware infiltration exposing company data, legal liability issues, loss or theft of the device, as well as shadow IT (additional work performed by other departments to circumvent real or perceived shortcomings by the organisation’s IT department), among other issues.

However, despite the clear advantages in providing users with company-owned and company-managed devices, the sheer cost of the hardware and software license acquisition may make it impossible for an organisation to provide a laptop or work tablet to all remote workers, particularly now when the percentage of concurrent remote workers is so high.