Welcome to Brown’s Bytes! Your weekly insight from Mobliciti’s CTO Andy Brown. Follow #brownsbytes
7th May 2021
Some time ago I spoke on here about how the security of home routers was a concern.
It’s taken a while (nearly a year in fact), but it has now actually hit the mainstream press this week with Which? publishing the results of testing they undertook on a range of home routers. It didn’t make for good reading at all – see here for the BBC technology story that gives a good summary of their findings.
We’ve been saying it for a while now that the security of people’s home router should be taken seriously. Most people have the router installed that the ISP sent them and it’s just left until it either:
a. Goes wrong or
b. They switch ISP and get a new one
Clearly, there will be a minority who take their home network seriously and may even have installed their own kit, but the vast majority just plug the ISP router in and leave it on default settings.
And home working is now a core part of virtually all companies plans post-pandemic…
The list of ISP’s with Routers that failed the security testing include:
- Virgin Media
- Talk Talk
Grim reading, but not surprising. To be honest, I was more surprised that the list wasn’t longer.
This means the reality will be that a significant proportion of any (or your) user base are running on these ISPs at home. The risks from a compromised router are significant – all bets are off when it comes to the security of the traffic going across that network and the potential for the endpoints connected to be further targeted.
Worse still, endpoints are now going to start moving between home networks and the trusted office network again as offices start to open up…it’s an attackers dream scenario now opening up.
The key takeaway for IT teams should be that management and security of the home network have to be part of plans going forward if home working is going to be a core part of business strategy going forward. However, there seems to be a collective blind spot to this area at present…
Many see the home office as the same as any other internet connection – it’s treated effectively like a coffee shop Wi-Fi. And it’s true that you want to harden your endpoint security to ensure your devices are protected as best as possible when out and about. But the dwell time on home networks is totally different to occasional access in a coffee shop…and it is this dwell time that massively increases the risks of attack (especially a targeted one). Many devices have been on home networks for over a year now!
Our homeConnect offerings allow us to provide a range of solutions to not only protect home users but to allow the home office to truly become a node on the network that is patched, managed and secured in the same way as you protect your office networks.
We can offer this security over the existing connection or provide a range of separate connections to suit all requirements… get in touch to find out more about how homeConnect manages and controls home network risk for the future.