Page 59 - Cyber Defense eMagazine June 2020 Edition
executables, teens are known to visit risky sites, and many family members don’t understand the risks of
spam, unable to spot the difference between real and fake apps and emails.
Each of these devices represents an entry point for attackers, and threat actors know this. They
understand that WFH employees are unprotected by centralized enterprise security stacks. Once a bad
actor has gained access to an edge device on the home network, they can go undetected, moving
laterally across the network to the end goal: the company’s corporate devices and data.
With the millions of additional points of remote access now in use, threat actors will be scanning more
often, leading to more brute force attacks and more lateral movement. Security teams quickly need to
find an alternative method for securing WFH Wi-Fi connections.
Shoring Up Home Defenses:
Work from Home (WFH) is a viable alternative for many companies, but unfortunately, IT teams weren’t
ready for the inherent risks and implications that home Wi-Fi networks pose.
Organizations have no visibility or control over these home Wi-Fi networks, and therefore cannot trust
them.
Home Wi-Fi hygiene can be improved by regularly changing passwords for Wi-Fi networks, changing the
default router password, creating a guest network, and keeping the router's firmware up to date. However,
even with those steps, risks persist for organizations with WFH employees because enforcement is
impossible, meaning the organization will never achieve full compliance. These steps also don’t solve
the gap in protection left by VPNs.
Organizations need to find an easier, enforceable way to secure WFH employees.
Extending Zero Trust Access to Any Remote Wi-Fi Connection
The assumption that all networks are dirty is fundamental to any effective remote work security strategy
such as Zero Trust. The best way to ensure that a home worker doesn’t corrupt the corporate network or
otherwise expose key assets is to isolate their devices from their untrusted home Wi-Fi networks. In
essence, this means micro-segmenting the remote device and creating a network of one. This step
extends Zero Trust access to any remote Wi-Fi network connection.
The Center for Internet Security's Wireless Access Controls recommends that users “Create a separate
wireless network for personal or untrusted devices. Enterprise access from this network should be treated
as untrusted and filtered and audited accordingly.”
That’s what endpoint micro-segmentation achieves: the employee’s device is physically isolated from the
rest of the home Wi-Fi network, with plug-and-play USB hardware that delivers a “micro-segment of one.”
This approach protects the individual’s device and the organization’s network from the various home
Wi-Fi-borne threats that security software doesn’t address.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.