Are you doing the cybersecurity basics at home? If so, what’s next?

By: Matthew Karnas, Cybersecurity Practice Director, VMD Corp

Process is the crucial DevSecOps enabler

Published on Oct 29, 2021

Cybersecurity awareness month this year is coming to an end, but the need to secure everyone online doesn’t stop. Cybersecurity awareness month was established by the National Cyber Security Alliance and the U.S. Department of Homeland Security (DHS) in 2004 and has tried to help everyone be a little more secure since. It has been a time to reflect on best practices at home and work to protect us from potential cyber threats. Back then, according to the National Cyber Security Alliance, “awareness efforts centered around advice like updating your anti-virus software twice a year to mirror similar efforts around changing batteries in smoke alarms during daylight saving time.” Times and technology have changed. When thinking about home cybersecurity, the following best practices come to mind:

These are best practices everyone should be familiar with, even if you’re non-technical. If you have problems with any of these best practices, reach out to someone for help, whether it’s a friend, family member, or paying someone for assistance. When you have a roof leak, you call a roofer; when you have a plumbing problem, you call a plumber; be willing to pay for technical support to ensure you and your family are secure. A small investment upfront is worth avoiding the potential headaches at a later date.

Let’s say you have the basics down, and you are utilizing all the best practices and approaches listed above; what is next? Two things that stand out as future steps in securing your home are using advanced security settings on home routers and leveraging domain name service (DNS) protection. At home, the number of devices connecting to the internet from your router is constantly increasing, from guests visiting to the vast number of internet of things (IoT) devices in use, anything from light bulbs to HVAC systems. It’s challenging to prevent devices from communicating with one another on the network and restricting access to resources on the internet. Each device should have assumed vulnerabilities or weaknesses; with the growth of external threats, there is an increased probability of potential financial loss, loss of personal information, stealing of credentials, malware infiltration, and possible ransomware attacks on individuals.

Home wireless routers come with a variety of features, especially from a security perspective. Isolation, with virtual local area networks (VLANs) and protection, with intrusion prevention systems (IPS), are features that are slowly being introduced into home wireless routers. VLANs are segmented networks defined by software, allowing similar devices or use cases to isolate them from the rest of the network. Review the typical types or groups of devices that access your home network; this could include: guests, kids, family, work, and IoT. By creating a VLAN for each category, you can group, isolate, and place rules in place for each grouping of devices. On top of that, home wireless routers are starting to provide intrusion detection systems (IDS) and intrusion prevention systems (IPS) as part of the features. IDS is a feature that detects and alerts of potential threats, while IPS detects, attempts to block threats, and alerts of intrusion attempts.

DNS protection services provide filtering capabilities of potentially dangerous sites and remove unwanted content, including ads. A DNS protection service integrated with a home wireless router helps secure any device accessing the internet without installing or modifying the device. As a parent, it has also been helpful to add parental fine-grain controls on what is accessible for our children from our home network. A DNS protection service can also provide analytics on usage and traffic patterns typically unavailable for home networks. Below is an example of a DNS protection service I use with the number of queries made to the internet and the percentage blocked, mainly due to ads, over three months. Our family never noticed any changes to our internet access, but we reduced our internet footprint by 21%.