May 10, 2023 By Jennifer Gregory 3 min read

You depend on your home network for binge-watching your favorite shows and ordering the perfect pair of shoes. When it’s time to pay bills or manage your retirement accounts, you likely head online as well. Not to mention that home networks make it possible for you to work from home and for your kids to do schoolwork. If your home network isn’t up and running, then conducting your personal business and staying entertained can become challenging, if not impossible.

Many people think of a cyberattack as something that happens to large companies. However, home networks are increasingly the targets of cyber criminals, who use them as a gateway to corporate networks through remote workers. Since you are a remote worker, your habits and setup at home can actually be the cause of a major corporate breach, which is definitely a career-limiting, not career-enhancing, move.

“In the age of telework, your home network can be used as an access point for nation-state actors and cyber criminals to steal sensitive information,” said Neal Ziring, National Security Agency Cybersecurity Technical Director. “We can minimize this risk by securing our devices and networks and through safe online behavior.”

By taking extra precautions, you can increase the odds that your home network functions each time you need it throughout your day. Recently, the NSA released best practices to help you secure your home network. The guidelines fell into two categories — changes to make to your network and changes to make to your behavior.

What is network security?

Simple changes keep your network secure

Here are steps to take with your hardware and software to reduce your risk:

  • Upgrade to a modern operating system and keep it up to date. Secure routing devices and keep them up to date.
  • Implement WPA3 or WPA2 on the wireless network.
  • Implement wireless network segmentation.
  • Employ firewall capabilities.
  • Leverage security software.
  • Limit your use of the administrator account.
  • Safeguard against eavesdropping.
  • Limit administration to the internal network only.
  • Schedule frequent device reboots.
  • Set up a secure connection for telework, such as a VPN.
  • Upgrade to a modern browser, and keep it up to date.
  • Set up authentication safeguards, such as two-factor authentication.
  • Configure your email client to use the transport layer security (TLS) option (Secure IMAP or Secure POP3) to encrypt your email in transit between the mail server and your device.

Behavioral shifts make a difference

In addition to physical and process changes you need to make for your home network, the report focuses on ways your behavior can improve cybersecurity. Here are the best practices you should be following when you get online:

  • Keep online activities separate, especially work and home activities. By using separate devices for different activities, you can reduce your risk of personally identifiable information being breached. For example, use a separate device for banking business than for online shopping or social media. Additionally, do not use personal accounts for work purposes such as accessing files.
  • Limit your use of public wireless. Each time you connect over public wireless, your connection is not secure and you put your data and device at risk of breaches. Instead, use a wireless hotspot or VPN.
  • Protect yourself on social media. Make sure to set your profiles to private or friends only to reduce your exposure to unknown people. Additionally, do not post personal information such as your address, phone number or where you work. If you get friend requests from people you do not know or are sent unknown links, proceed with caution, as they may be from cyber criminals.
  • Follow email best practices. Do not open unknown files or click on links that you receive in your email. Consider not using out-of-office notices, which announce you are out of town.
  • Use good password hygiene. Create strong passwords, and do not use the same passwords for multiple accounts. Consider using a password manager, which makes passwords both easier for you to remember and harder to hack.

Adopt NSA best practices to keep data safe

As remote work and increased digital processes facilitate both personal and professional business, cyber criminals are likely to keep home networks in their sights. By taking proactive steps today, both in your setup and habits, you can reduce the risk of having your network inoperable from a hack or breach. And just as important, you don’t want to be known as the person at your company who caused a breach by falling for a phishing scam.

More from Risk Management

Digital solidarity vs. digital sovereignty: Which side are you on?

4 min read - The landscape of international cyber policy continues to evolve rapidly, reflecting the dynamic nature of technology and global geopolitics. Central to this evolution are two competing concepts: digital solidarity and digital sovereignty.The U.S. Department of State, through its newly released International Cyberspace and Digital Policy Strategy, has articulated a clear preference for digital solidarity, positioning it as a counterpoint to the protectionist approach of digital sovereignty.What are the main differences between these two concepts, and why does it matter? Let’s…

A decade of global cyberattacks, and where they left us

5 min read - The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so.I spoke to Michelle Alvarez, X-Force Strategic Threat Analysis Manager at IBM, who told me that the most visible change in cybersecurity can be summed up in one word: scale. A decade ago, “'mega-breaches' were relatively rare, but now feel like an everyday occurrence.”A summary of the past decade in global cyberattacksThe cybersecurity landscape has been impacted by major world events, especially in recent years.…

It all adds up: Pretexting in executive compromise

4 min read - Executives hold the keys to the corporate kingdom. If attackers can gain the trust of executives using layered social engineering techniques, they may be able to access sensitive corporate information such as intellectual property, financial data or administrative control logins and passwords.While phishing remains the primary pathway to executive compromise, increasing C-suite awareness of this risk requires a more in-depth approach from attackers: Pretexting.What is pretexting?Pretexting is the use of a fabricated story or narrative — a “pretext” — to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today