Cybersecurity in Your Home Is Essential to Cybersecurity in Your Business

In this post-pandemic era, remote work, work from home, hybrid work are all models that many businesses have adopted and are now used to. Even for businesses where work is performed on location, it is not uncommon for business owners or employees to login to their work environments and get some work done in the evenings or weekends. It is also not uncommon for consultants and people in other professional services to login to work from a coffee shop. Whatever you call it, the subtext in all of these situations is that your company’s digital assets, be it your computing resources or your customer data or your intellectual property, get accessed from multiple different networks. The bad guys have already taken notice. 42% of companies polled in a recent survey have already experienced cyberattacks on their executives and their families. Earlier this year, LastPass, a cybersecurity company, announced they had been breached. The cause of the breach? A work-from-home employee’s home computer was hacked and the hackers traversed the home network into the corporate computer. The objective for hackers is to get to your data or resources and if there is an easy way in and a hard way in, guess which one they are going to opt for? Most home networks are completely undefended. If each and every one of us is not thinking about our home being an extension of our company’s network, it is time now.

Attack Surface of the Connected Home

The Deloitte 2022 Connectivity and Mobile Trends survey identified that the average American home today has about 22 connected devices. That in essence means that the average home today has more computing power, networking capacity and storage capacity than a small enterprise did about 20 years ago! But if we want to think like a hacker, we need to look at every possible entry point and in that context the attack surface is really composed of:

• your devices,
• your apps,
• the online services or websites you use
• as well as the people in your home!

People have always been the weakest link when it comes to cybersecurity – the very reason that all of us are fully familiar with words like ‘phishing’. Protecting people in the home means protecting the digital footprint of every person in your family. When it comes to securing the home from cyberattacks, you cannot have a conversation about security without a conversation about privacy! Our behavioral information such as where we shop, what we watch, what health conditions we have, what apps we use, what devices we have, etc are just as important to secure as our personal information such as social security number, our email, etc. The more information we leak, the easier it is for malicious actors to personalize attacks against each and every one of us. Add to this the fact that the age of commoditized Artificial Intelligence (AI) has begun. Hackers now have tools that can create targeted and personalized attacks en masse against us.

Defending Your Home and Your Family in the Age of AI

Let us be clear about one thing. Just like there is no door lock that you can get for your home that can stop every kind of thief, there is no one thing you can do to stop every kind of cyberattack. Cyber defense is a risk reduction game. Your role in this game is to increase the cost for the hacker to attack you and your family. Put another way, it needs to be a better use of their time and resources to move on to the next person rather than spend time getting past your defenses. So, what do we need to do to protect our homes?

Cyber hygiene needs to become muscle memory for everyone in our family. Your defense is only as strong as your weakest link and we need to ensure that everyone in our families has good cyber safety awareness and habits. So, what does cyber hygiene entail? As we see it today, there are 7 major areas of online behaviors that most of us are engaged in and where we need to develop a strong muscle memory. Let me go through some tips for each of these and here is the best part – most of these are FREE to do:

1. Password Safety: Advanced password cracking tools are easily available to download and use. Any password that is 6 characters or less even if it is a combination of letters, numbers and symbols can be cracked in minutes if not seconds! All passwords need to be a minimum of 12 characters or more with a combination of letters, numbers and symbols. And yes, fortify that by adding 2 factor authentication wherever possible.
2. Email Safety: So many of our accounts are linked to our email addresses. Keep separate email addresses for critical accounts such as your financial accounts, subscriptions, etc and separate ones for receiving coupons, newsletters, etc. Where possible use an email anonymizing service like what Apple provides.
3. Device Safety: Every connected device we bring to the home is a new vector of attack. Keep in mind that many of these devices come with apps that allow you to control them from outside the home i.e. they open up a route into your home from the outside. Keep all devices updated with the latest patches and security updates from the manufacturers. Make sure to review all of their security and privacy settings and turn off anything that is not relevant for your use of that device.
4. Social Media Safety: C’mon people – we do NOT need to post on a public forum that we are out on vacation in Italy. Ensure all posts are only for your connections. Never accept connections from unknown persons. There are more phishing attempts that happen on social media messaging apps than on email! So, do not click on any links or forwards in group chats or posts. Ensure your list of connections is not public and so is your profile. And please do not list your date of birth on your public profile.
5. App Safety: Think of something and there is an app for that. Remember that apps are software programs that are installed on your devices and may be able to access other resources on your device. Apps have been found to collect information on our geolocation, they have been found to spy on the data that we copy to our clipboard, our microphones, our cameras. Do not download apps from outside of the large reputable apps stores. And even for those apps, review their security and privacy settings and deny them permissions to anything that is not relevant to the context of the app. And remember, apps may be on your TV, your thermostat, your smart speaker. Apps may come by other names such as ‘skills’. If you don’t use them, delete them!
6. Gaming Safety: Do not just blame the kids, there are gamers amongst us as well. Do not download games from untrusted stores and do not click on any links in gaming chat channels. These have become one of the largest sources of distribution of malware. Also, do not reveal your IP address, real life name, geolocation to anyone else in a game
7. Network Safety: The home network is now pretty complex with devices and apps talking to the outside world but also to each other. Make sure your home router is well protected with the highest level of encryption enabled and also has a very strong password that you change regularly. If you can afford it, get multiple routers and segment the non-critical devices in your home such as gaming systems, TVs, etc to a separate sub-network. Slightly harder to do but worth the effort.

Cyber hygiene is going to teach us how to avoid those dark alleys but the reality is that as we get more computing that may be worn or be embedded or may even be ubiquitous, we are now at the point where we also need tools to defend ourselves just like we installed alarm systems with continuous monitoring services for our homes even though we have locks for our doors and windows. Our cybersecurity and privacy posture needs to be independent of the apps, devices, our home internet router, our browser and even our internet service provider. Given the growth in devices, apps and services, it will be absolutely impossible for us to keep track of every security and privacy setting across each of them. We need to invest in whole home Intelligent Digital Safety tools that protect both our privacy and security across every device, app and service we use in our home.

We at Nandi Security are thrilled to announce the availability of our industry leading Deep Privacy Analysis capability within our Kavalan Standard product. In addition to automatically blocking cyber threats such as malware, botnets, keyloggers and more across every device in the home, Kavalan also blocks thousands of privacy threats in each home every single day. There is no software to install, no hardware or devices to buy and Kavalan can be set up in any home in 5 minutes or less. The Deep Privacy Analysis feature within Kavalan gives users contextual insight into privacy threats such as which companies may have had access to your geolocation, search history, browsing history, payment information, etc so that users can, for the first time, make intelligent choices for themselves on their internet habits and reduce the attack surface of their connected homes.

To learn more about Kavalan, please feel free to contact us at [email protected] or reach out to us through the Massachusetts Business Network website.

This is a contributed piece published by Vikram Venkatasubramanian, the founder and CEO of Nandi Security, Inc. Vikram has over 25 years of experience in the technology industry including 15 years in the cybersecurity industry. Vikram has a Masters degree in Mathematics from IIT, Chennai, a Masters degree in Computer Science from the University of Missouri-Columbia and an MBA from Cornell University. When not busy defending homes from cyberthreats, Vikram is an avid cricket and soccer fan.

Interested in submitting a contributed piece? Fill out our contact form.