Don’t Let Home Networks Compromise Your Business Network

December 5, 2011 - 2 Comments

Follow this basic checklist to ensure employees are safely connecting to your company LAN

When you combine almost ubiquitous high-speed Internet connections with affordable wireless networking gear and mobile devices such as laptops and smartphones, many of your employees will create home networks that allow them to work remotely. However, many people don’t have security on their personal networks. Before you allow your employees to access your business network remotely, you need to be sure their home networks are secured.

This isn’t as tricky as it seems. Many of the security measures you’re currently using on the local network can be applied to employees’ personal networks, such as requiring strong passwords on laptops, mobile phones, and home routers. Even if employees are using their own equipment to work remotely, you can enforce specific rules for accessing company resources. For instance, you can require that everyone use an encrypted virtual private network (VPN) to connect to your business network. Also stipulate that every computer, including smartphones and tablets, that accesses business data has antivirus and antimalware software installed and is working with the latest threat updates.

A Home Network Checklist

Of course, everyone with a home network should take steps to secure it. Hackers and other cybercriminals lurking on the Internet target individual users and small businesses along with large enterprises. No one is safe from viruses, malware, Trojans, and other malicious activities designed to steal identities and sensitive information like bank account numbers. The U.S. National Security Agency (NSA) recently published a guide to help everyone protect their networks from all manner of online threats. Encourage your employees to follow these best practices before logging in to your business network from their home.

1. Upgrade operating systems to the latest version. Microsoft Windows 7 or Mac OS X Lion have built-in security improvements that can help prevent many common attacks. Also, all operating systems should be configured to automatically receive updates and security patches.

Likewise, the operating systems of any smartphones or tablets used for business should be kept up to date. Considering how often consumer devices like iPhones and iPads are used by teleworkers, employees should follow the NSA’s recommendation to connect their mobile devices to the host computer at least once a month to download any critical software updates and to back up data.

2. Stay on top of application updates. Software should be kept current, too. To stay ahead of security vulnerabilities, employees should regularly install any updates and security patches on their home networks. Whenever possible, users should configure their applications to automatically search for updates, and, if this isn’t available, make it a habit to check vendors’ websites for new downloads at least once a month.

3. Install a comprehensive security suite. The NSA recommends installing a host-based suite of security products on home networks as well as the business network, which includes antivirus, antiphishing, safe browsing, Host-Based Intrusion Prevention Systems (HIPS), and firewall capabilities. These various security measures provide a layered defense that will protect against most common threats. Of course, this software should also be configured to receive regular updates.  Also enable the applicable security features on the Internet gateway device used on the home network.

4. Limit the use of the default administrator account. Usually when you configure a Windows or Mac computer for the first time, you automatically create a local administrator account, which has privileges that regular accounts don’t have. Using this account while online can give hackers an easy way to gain access to a personal computer. Instead of using the admin account for most activities, employees should create and use a non-privileged account for browsing the Internet, checking email, and other work-related tasks. The admin account should only be used for installing software and reconfiguring the computer.

Similarly, the admin account for home network devices should be configured for internal use only; the external remote administration option should be disabled. Otherwise, an attacker can use this admin account to compromise a home network.

5. Use WPA2 encryption on the home wireless network. Most home networks are wireless and should be encrypted using the new WPA2 (Wi-Fi Protected Access 2) security protocol. Older computers and wireless routers may not support WPA2 without an upgrade. According to the NSA, the previous security protocol, WEP (Wired Equivalent Privacy), can be hacked in just a few minutes.

These five steps are just the beginning for protecting home networks. Like your small business network, the security of home networks is a constantly moving target that must be monitored for new security vulnerabilities.

Do you take any steps to ensure your employees are connecting safely to your business network from their homes?

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Very good point Barun. I do think Michael has the right idea though and is getting his point across. Even when dealing with Homes PCs and Home Networks updates can cause issues but this is rare.

  2. Hello Michael,

    You have mentioned “Stay on top of application updates”. Somehow, I feel little different about this point as not all the latest update for a given application are stable enough. There are many application, for example Mozilla, they launched series of updates in the last couple of months, one after the other as the updates were having some or the other issues and they did it until they end up making a stable app.

    Again when you say Upgrade operating systems to the latest version, it is a little tough ask.
    1. With the new OS that you want to put in to your system, you need to upgrade the hardware as well for optimum use of that OS, which is not always feasible.
    2. Again not all the latest OS are very user-friendly or good enough. Like after XP, MS launched Vista, which I felt was one pathetic OS. But now they have come up with windows 7, which I feel is really good. So, again, not all the latest OS are good enough.

    Rather, I think people should wait for the most stable updates, get feedback about the new releases. Otherwise, the pace with which the technology is changing every single day, people will have to keep updating there apps and OS every single day.