Securing Your Home Office From IoT Devices With Zero Trust Architecture

In today’s online climate where you and your family’s Personally Identifiable Information (PII) can be compromised with a single click of a mouse, it is more important than ever to secure your digital assets. Whether you realize it or not, your home network is as vulnerable to attacks as a Fortune 500 company. The average home has at least 10 or more devices that access the Internet, such as smart TVs, phones, tablets, appliances, lights, computers, thermostats refrigerators, garage doors openers, and wearables.  The ecosystem of devices that connect and work through the internet are known as the internet of things, or IoT. IoT devices depend on Internet access to work properly, and in general, make our lives more enjoyable.  

When you think about your home office, do you know every device that is accessing your network and how it interacts with the internet? YouTuber & TikTok’er SecEngineer, who reviews IoT devices and their hidden vulnerabilities, discusses this very topic on his channel. Spoiler alert - there are some shady lightbulbs out there.  

Sec Engineer’s YouTube channel highlights how home office setups lack the proper security protocols and sophistication of a corporate network. The remote employee’s data and devices are potentially at risk from the numerous devices that are on their home environments, such as other computers with low or no virus protection, home internet appliances, poor router configurations or no firewall security.

Zero Trust Principles

The good news is that using Zero Trust (ZT) principles can reduce risk. Zero Trust principles highlight three main things when it comes to your data and security:

1. Trust No One
2. Least Access Needed
3. Always Assume A Breach

Zero Trust is a way to put safeguards in place to make a system more secure. Microsoft realized this problem themselves in their hybrid workforce model in their article, “New insights on cybersecurity in the age of hybrid work”. (Figure 4D)

I noticed this problem myself some years ago. My Verizon ActionTec router was very basic and lacked the proper security. I was unaware just how unprotected my home network was from a cyber-attack. My thinking at the time was probably similar to many others, which was “Why would anyone hack me? I don’t have anything of value”. This thinking was extremely flawed as cyber thieves see information itself as the keys to great wealth.

My eyes were opened when a good friend recommended I take a look at a product line called Ubiquiti. The product was relatively affordable. Ubiquiti offered a graphic visual dashboard that gave me visibility into my home network, firewall protection and the threats that my network devices faced. For the first time I was seeing alerts that a network storage device (basically a large hard drive) was being attacked by cyber thieves in other countries. I was immediately able to take action by blocking unwanted data traffic from reaching my network device. I was also able to block physical origin locations using the technology called “geo blocking”.

I believe most people who have a home network have no idea that their small home network has been hacked, their files are being stolen, and their passwords are being copied with their own smart devices being used against them. More than ever a Zero Trust Network Architecture solution is desperately needed not just for businesses but the home/office as well.  

Here are some steps you can take to secure your home office:

1. Don’t have computer screens facing a window where someone can spy on what you type or see account information.
2. Make sure you have a complex password (12 alphanumeric characters or higher) on all computers. Passwords should never be “password” as the name.
3. Change your password at least once a month and don’t reuse the same password or parts of the same password.
4. Turn on the screen lock of your computer. Make sure to set a screen lock timer that locks the device within 5 minutes of inactivity. The shorter the time, the more secure it is.
5. Install a good virus and malware protection program. Make sure this program can check your email for unwanted viruses as well.
6. Logoff any computer and browser that you aren’t using. Having an account left open provides programs or another user unwanted access without your consent.  
7. Utilize network segmentation to prevent IoT devices from being on the same internal network as your most secure data. At the very least we recommend three separate networks in your home: one for IoT devices, second for home/office computers and lastly a guest network for friends & family that visit your home.  
8. Consider upgrading your router/firewall for better protection. Make sure your router has VLAN ability, IDS/IPS protection and multiple SSID broadcast ability.
9. Use a MultiFactor Authentication(MFA) or 2-Factor(2FA) solution that protects personal identifiable information for data in cloud storage.
10. Stored information in cloud systems should require authentication, logging/tracking to track access and identify anomalies. Continued access must be re-authenticated with a key after set timed intervals.

By taking these steps you can ensure a safer and more reliable experience within your home’s network.  

IoT devices are truly great products that make the daily life better. Products such as IoT aren’t going away and their use will only increase over time. While this article only touches the tip of the iceberg on Zero Trust, we believe that these three key ZT principles are necessary for any network to function better, be more reliable and ultimately safer. MindPoint Group has been providing trusted Cyber security solutions for business over the years. Shouldn’t a valuable asset like your home be equally protected and secured? A carefully vetted Cyber security approach can help protect what is important to you, and as an industry leader MindPoint Group is leading the way.

‍