Nathan Howe, Director and Head of Transformation Strategy EMEA at internet access and cloud firewall company Zscaler, calls for network segmentation in the home office.
During the pandemic, the topic of secure internet in the home office has taken on a whole new meaning. Before COVID-19, a separation of the usage habits of the internet was firmly anchored in the minds of users. For the occasional few work from home days here and there, the internet was accessed via the secure corporate network and home internet access was reserved for relaxation and entertainment in the form of computer games, online shopping, or watching movies. However, as the mass remote working situation nears its first full year, remote workers and businesses need to pay even more attention to securing internet use in the home.
The more work and personal life merge under lockdown, the more important security becomes when both surfing the web and working on the same network. As a window to the outside world during the repeated phases of social distancing, the internet is at the centre of the world of work, of homeschooling and study, of news consumption and relaxation—and different family members are connected to the internet even more than before. Just as parents provide some level of oversight on their children’s online activities – be it their social media use, the websites they visit and the games they play or films they watch – today, the overall security of the home network must receive the same level of oversight.
Weakest link in the chain
Individual users and human error have perennially been identified by cybercriminals as the weakest link in the attack chain, and malware actors have adapted their vectors to take advantage of the various lockdowns over the course of the pandemic. Malware is targeting the need for information in the current climate and exploiting the carelessness of isolated users in the home office. An attachment is quickly clicked, a contaminated gaming app from the internet is played on the work computer and thus the gateway for malware to the corporate network is opened. Accordingly, the home network also has a new significance for corporate security.
It is no longer just the smart TV or the iPad, but also various devices that are connected to the internet in the home office which are potential vulnerabilities. Often the same laptop is used by different family members for different purposes. It is therefore more important to keep track of the most diverse applications and also to draw clear boundaries between professional and private use of the internet.
Network segmentation
Responsible use of the internet from home should ideally be accompanied by segmentation or isolation of different requirements. For example, if parents have access to sensitive data, whether they‘re development environments, financial information, or medical data, this sensitive information must be protected from access by other family members. On the other hand, every household has to ask itself whether the smart TV and the corporate laptop should have access to the internet over the same network.
To counteract the fusion of private and professional use on the same network, a few simple security measures should be high priority for the secure home office. The segmentation of the private network for different areas of activity and needs is, thankfully, easily achievable. Most modern wireless routers allow the creation of two separate networks, so this means that the professional area of the home network can be separated from that of private use. A dedicated area is reserved for the smart TV or other smart home equipment, children’s iPads, or a laptop for homeschooling. This way, the internet-connected TV cannot transmit malware to the laptop used for work.
In general, it is worth considering disabling the Universal Plug and Play function to prohibit the TV from communicating with the internet. Additionally, it is also easy to setup a DNS filtering function–with the help of a variety of tools–which protects against access to malicious websites, blocks unwanted advertisements, or prevents cookie theft when accessing the internet.
Ease of use versus security
When it became clear some time ago that working from home was not just going to be a short-term situation, performant access to applications became a point of urgency to business continuity. On the business side, application owners put pressure on the business to enable staff to access their business critical applications. The first lockdown shone a light on those companies that had done their homework on digital transformation, and those that had not. Migrating applications to the cloud is only one piece of the puzzle, however. If the underlying network and security infrastructure was not built cloud-ready at the same time, the pandemic revealed the consequences. If business is taking place away from the trusted network and outside of the traditional perimeter, a new infrastructure is essential to staff performance. It cannot be a decision between network speed on the one side and security posture on the other. A better performance on the back of a lower security posture is not acceptable. A decision for both secure and performant access is required.
The internet is a network that is just as vulnerable as the corporate network and can be exploited by malware actors. In the business environment, for security reasons, Zero Trust Network Access (ZTNA) allows you to establish a direct connection to individual applications while completely renouncing the network.
One year into remote working, attention should once again be paid to how each individual can make their private environment a little safer with the necessary and commonplace safety hygiene. However, that is only one piece of the puzzle, and businesses have to play their part too, and take a closer look into how they’re connecting their employees to the apps they need, and whether they’re doing so in a way that’s both performant and secure.
