Ask any cybersecurity professional how you can make absolutely sure that your devices at home and at work are secure and they will tell you with a raised eyebrow that there is no such thing as “100% secure.” There is no silver bullet that is going to prevent a savvy intruder, but there is a short list of things that you can do to hedge your chances of mitigating a risk.
Face it, security is not convenient and, depending on your level of skill, it can be a distraction from your normal workflow and even a headache, at times. Take passwords for example. Despite earlier recommendations from IT pundits, the best password is NOT randomly computer-generated with a fixed alpha numeric and symbol schema. Password cracking programs can crack these types in a matter of minutes to hours at the most. What is commonly known now is that the lowly passphrase with a minimum of 15 characters is the hardest to crack (over 365 years some say). Of course, you should combine upper- and lower-case letters and numbers. A symbol or two in place of a letter is always a good idea (3 for E, @ for a, ! for I, etc.). The idea is that a passphrase is something that you typically will not forget. You want to avoid song lyrics, famous movie quotes, and any personally identifiable text. As an example, we all move through life growing up with silly little sayings or have a favorite expression for something that can be used. However, there is one golden rule: CHANGE THE DEFAULT PASSWORD!
Securing the Home Office: Wi-Fi Networks
The national Institute of Standards and Technology (NIST) provides several tips for securing home office Wi-Fi networks and devices. Depending on your skill level, some can be easily implemented. Most modern home Wi-Fi routers provide WPA3 encryption for information that is being transmitted between wireless routers and wireless devices. WPA3 is currently the strongest encryption. In addition to encryption, other tips include:
- Protect Your Service Set Identifier (SSID): To prevent outsiders from easily accessing your network, avoid publicizing your SSID. All Wi-Fi routers allow users to protect their device’s SSID, which makes it more difficult for attackers to find a network. At the very least, change your SSID to something unique. Leaving it as the manufacturer’s default could allow a potential attacker to identify the type of router and possibly exploit any known vulnerabilities.
- Install a Firewall: Consider installing a firewall directly on your wireless devices (a host-based firewall), as well as on your home network (a router- or modem-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall will add a layer of protection to the data on your computer.
- Maintain Antivirus Software: Install antivirus software and keep your virus definitions up to date. Many antivirus programs also have additional features that detect or protect against spyware and adware.
- Connect Using a Virtual Private Network (VPN): Many companies and organizations have a VPN. VPNs allow employees to connect securely to their network when away from the office. VPNs encrypt connections at the sending and receiving ends and keep out traffic that is not properly encrypted. If a VPN is available to you, make sure you log onto it any time you need to use a public wireless access point.
Securing the Home Office: Desktop Printers
Whether it is a single-function printer or MFP, the older the device, the less secure it is. Older models tend not to have more modern security features built into them. From a home office perspective, with cyber-criminals running rampant during the pandemic and work from home policies being extended for the unforeseen future as an option by many companies, you should open your wallet and ditch the old standby. Perhaps your company even has a managed print program where they will ship you a new printer or reimburse you for the purchase of one.
Securing the HQ Office
By now, securing devices in the office has become somewhat routine—at least on the MFP side of the equation. The antiquated single function desktop printer risk is still a factor, but one would hope that with any comprehensive managed print service contract, their respective vendor would be attentive to mitigating the issue. Known as “end-points” in the security world, these MFPs are still considered low hanging fruit by cyber-criminals looking to exploit vulnerabilities in company security postures. Fortunately, most manufacturers (to date) have bolstered the security features of their devices with system technologies, such as:
- Secure Boot: Where at start up, the system checks the bios, firmware, and the embedded applications for any unauthorized changes and (if found) alerts administrators and shuts down.
- Run-Time Intrusion Detection: Where it can uncover any anomalies in the system memory and protects the printer while it is connected to the network. It can detect malware intrusion attempts during complex firmware and system memory operations, and then validates that the memory space is not modified.
- Self-Healing: In the case of the secure boot and run-time intrusion, some manufacturers enable their devices to “self-heal” the unauthorized malfeasance. In other words, enable the device to automatically fix the problem.
- Device Hardening: The act of device hardening is a proactive practice by resident IT or administrative staff to disable specific ports (e.g., network, USB, etc.) and ensure that secure and encrypted transport protocols are configured. The golden rule is: “if you don’t need it, shut it down.”
- Centralized Device Management: This has become table-stakes for MFP OEMs to provide. It is critical to enable device administrators and IT staff to manage a single device to an entire fleet from a centralized dashboard, where they can update and validate security certificates, misconfigurations and firmware updates, reducing the IT labor burden, and helping the organization manage costs.
You can learn more about securing devices at work and at home by visiting The National Cybersecurity Alliance (NCSA) website.
To get involved with the NCSA and NCSAM, click here.
Get Caught Up
October Is National Cybersecurity Awareness Month: Kickoff
October Is National Cybersecurity Awareness Month: Week 1