While most organized criminal gangs and botnets are now targeting businesses and online servers, your home still presents a lucrative target for cyber threat actors. Criminals continue to pursue your bank credentials and have even resorted to orchestrating socially engineered attacks to deceive victims over the phone while posing as Microsoft technical support, tricking victims into putting ransomware on their systems. Fortunately, protecting yourself at home is not that difficult to accomplish and is becoming more important by the day as we continue to connect even the most common household appliances to the internet.
Based on the level of security you feel necessary for your household, here are some suggestions to achieve the desired security posture:
Essential security practices
- Software updates – Remember to turn on Microsoft and Apple’s App Store auto updates. Keeping your home systems patched, both operating systems and applications, will protect you from most non-targeted attacks.
- Firewalls – Leverage the firewalls on home computers (controlled by the Operating systems) as well as Internet Service Provider’s (ISP) router.
- Back-up – Data from your computer systems should be backed up to an external drive. Use the Operating System managed back up software in order to properly do so.
- Put high risk devices on Guest Network – If your router has a guest network, all Internet of Things (IoT) devices, such as TV’s and thermostats should be connected there. This will only give the IoT device access to the internet and not to the rest of your network.
- Password Security – Change passwords to important accounts every time the seasons change (Spring, Summer, etc). Remember to use passwords of at least 16 characters with a mix of numbers, capitalization and special characters.
- Antivirus (AV) – Have a reputable Antivirus (AV) program on all home computers that scan the hard drive daily and screens all email attachments. AV for mobile devices is also available as part of most packages.
- Protected Host – Dedicate one computer system in your house to do banking, bill paying and financial account management. Minimize the use of this machine, ensuring it does not visit potentially malicious websites.
- Enable Security Features – For wireless networks, remember to enable security features, especially those requiring a WPA2 password to join.
Advance security practices
- Manage Privileges – Ensure all computer systems do not have administrator rights enabled during normal use, such as surfing the internet or checking email.
- Invest in a Third-party Router – A third-party router should be used in addition to the router provided by the Internet Service Provider (ISP). Once connected, place the ISP router in bridge mode so threat actors cannot take advantage of the backdoor access your ISP has to their router.
- Invest in Network Protection Services – Subscribe to services that block home systems from visiting known malicious websites. This can be accomplished in three ways:
- AV vendors that offer this added protection as an optional feature
- Third-party routers who provide this as a service
- Install a managed Firewall/Intrusion prevention system, which is an emerging market focused specifically on the home user
- System Segmentation – Carve out risk-based Virtual Local Area Networks to segment high-risk systems – i.e., children’s computers, IoT devices – from other used computers to conduct business and work from home.
- Leverage the Power of Mobile – Surprisingly, mobile devices are the safest way to conduct daily banking transactions such as deposits and bill paying. These platforms are harder for threat actors to compromise or intercept credentials.
- Off site back-up – In addition to an external drive, be sure to back-up your important data to an offsite cloud service.
- MFA – Enable Multifactor Authentication for all banking and financial websites that you frequent to manage your personal finances.
None of these security controls will make you immune to becoming a victim of a determined cybercriminal. However, implementing all of these suggestions will make you a much harder target to significantly minimize the possibility of a system compromise.