Keys to Securing Employees’ Home Wi-Fi
Recently software company Atlassian told employees they could work from home forever. The move made the more flexible work-from-home policy introduced due to COVID-19 a permanent policy. Atlassian joins the rapidly growing list of companies such as Twitter, Zillow and Square who have recently announced similar permanent policy changes. Atlassian will still maintain their corporate office space in Sydney, San Francisco, Amsterdam and other locations but employees have the option to work remotely indefinitely. Atlassian, who has over 5,000 employees spanning the globe, will strive to measure employee performance based on outcomes as opposed to time in the office.
As employees around the globe transition to either full-time remote work or in many cases added flexibility around part-time remote work policies, IT departments are learning how to rapidly scale remote access to corporate systems and networks. Establishing single sign-on portals and virtual private networks (VPNs) are common first steps in deploying a remote workforce. But security and ease of access need to extend all the way out to how employees are connecting to the internet remotely and more often than not, this includes establishing secure Wi-Fi in the employee’s home.
Tips for Securing Home Wi-Fi
Standardize equipment
Having 100 different Wi-Fi hardware configurations for 100 individual employees is an IT nightmare and security disaster waiting to happen. IT departments should standardize employee Wi-Fi through access points such as the WatchGuard AP225W that can be sent out pre-configured with all corporate security policies in place. Employees simply need to connect the access point to their home router and they have standardized access. Through standardized equipment, IT departments can more easily respond to connectivity issues, apply security patches across the entire workforce, monitor for threats, analyze performance and avoid the possibility of a misconfigured access point (AP).
A Misconfigured AP is an access point that has a configuration (such as encryption or other security requirements) that do not adhere to your network security policies. In busy networks where new APs are deployed, it can be easy for a network administrator to make a configuration error and enable a private SSID with open security and no encryption that potentially exposes sensitive information to interception over-the-air.
Establish a Trusted Wireless Environment
If you can’t standardize equipment across your workforce, you can still establish a trusted wireless environment to ensure Wi-Fi access is safe. A trusted wireless environment is a framework for building a complete Wi-Fi network that is fast, easy to manage and secure. According to Ryan Orsi, director of product management for Wi-Fi at WatchGuard, these are the steps to follow:
- Connect to your company’s network via VPN (virtual private network).
- Change the SSID (service set identifier) in your home cable model or router to ‘hide’ to keep Wi-Fi hackers away.
- Use WPA2, or if you can, WPA3-protected modem/router.
- Change the password to your Wi-Fi network frequently. Don’t use the default settings.
- Create a guest network for people in your household, so that they can connect to it without getting access to your company’s network.
Those steps will keep your employees safe in a controlled home environment but it is important to also protect against connections outside of the home where your IT department does not control the environment. Some corporate security policies will deny access to 3rd party Wi-Fi from a company managed Wi-Fi client. This level of control helps to eliminate even accidental connections to neighboring APs but also greatly limits the user’s ability to work away from their home network.