Smart Home or Business Wi-Fi Security

If you have a smart home or small business, it is just about guaranteed that you have Wi-Fi for clients and internet of all things devices to use. That needs to be setup correctly or your business and personal information can be a risk. Now more than ever it is really important that you have multiple layers of security between simple devices like your garage door opener, a Wi-Fi network that you allow clients/visitors to use, and your personal information or business.

The reality is that security needs to be layered. The type of attack that can get through a device firewall is has trouble succeeding against a network firewall. Firewall security that uses behavior modeling (i.e. AI assisted) can detect new attacks before they have the opportunity to damage you even if they are “new”. As we approach our first “zero day” event (a virus that has mass distribution on day one deployment), you cannot wait for an updated virus definition to protect your business.

Best Practices

  • Install a router that allows you to have separate main network, guest network, and internet of all things (IoT) device network. This means that there will be firewalls between the portion of your Wi-Fi network used by your smart TV vs. what is used by the laptop running your business. If you have kids, the network they “share” with visiting friends should NOT be the same network that you are running your home business. If you own a physical business location, do NOT allow clients/visitors to use the same network Wi-Fi connect that you have your business information using. Credit card transactions should not be on the same network that you allow strangers of the street to use.
  • Make sure you have a router and modem (called a gateway if it is all in one physical device) that can manage traffic. In a 4-person household, it would not be a stretch to have 3 laptops, 2 smart watches, 4 tablets, 2 smart TVs, a Ring Doorbell, and probably at least one gaming system just at a starting point. You need something that can automatically balance the traffic between the laptop attempting to login to a Zoom, the kid streaming an online game with his friend, your spouse checking on social media, and your doorbell registering movement at your front door without causing any one of these activities to be “paused” or “buffer”.
  • Have the network login information appropriately accessible. This means for example the default network that guests should be used probably is written on a piece of paper on the refrigerator or a small, laminated sign in the store/office location. Your business network login information needs to be notated somewhere you can find it, so when you need to update a business device it doesn’t become a “seek and destroy” mission.
  • Change your Wi-Fi login information at least once a year.
  • Install Firewall/Antivirus software on individual devices like laptops, desktops, tablets, and smart phones. Depending on your network hardware you may have availability to additional firewall protect that is on those networking hardware. This leaves your data behind multiple layers of protection that are all configured differently with different strengths and weaknesses. Security Sources Examples: From your IP provider, Your Network Modem, Your Network Router, Your Individual Device Firewall, and your Individual Device Antivirus.
  • Stop clicking on links from unknown sources OR from a known source but not typical content. If you are not expecting to receive a “joke” from a client, you may want to reach out to the client and make sure they really sent it before you click the link for the meme!

Router Examples that have the ability to provide multiple Wi-Fi networks that have firewalls between each.

Give me a call/text/email if you want some help getting your current Wi-Fi configuration secure and with all the no-coverage areas removed!!!

Antivirus vs. Firewall – Do I Need One or Both?

What is an antivirus program and how is it different than a firewall program? Both are security programs commonly used on computing equipment, but they function very differently. Antivirus programs work by having a “definition” of viruses (think of it as a cheat sheet). It scans currently installed and incoming data or programs for programming code that matches those definitions. Firewalls are about network traffic and communication. They have a “cheat sheet” of malicious websites and prevent communication to or from those locations. More advanced firewalls will monitor the communications or traffic generated by the installed applications on a computer for behavior type to ensure something like a word processing program is not sending credit card numbers to a 3rd party. One works at the boundary between a computer and the internet. The other works at the point where data and programs are stored. Palo Alto breaks it down in more detail in this article!

The next question is do you need both or is one better than the other? For most of us, we should have both. Computer and internet security works most effectively when you layer defenses. A type of attack that can penetrate one defense is typically vulnerable to other types of defenses. Firewalls are GREAT at preventing problems but do NOTHING if something gets through. Antivirus software is good at scanning new files and programs, but really comes into play when something gets through the firewall. The antivirus will recognize the infection and remove it if possible. If not, most will quarantine the impacted files and await instructions on how to handle them. By combining both types of security you greatly reduce the potential impact of malware.

One of the areas I see exploited by malware is because the average user has everything connected (smart phones, computers, laptops, tablets, home smart appliances, cameras, etc…..) but doesn’t have everything protected. For some devices, like appliances, you cannot add stand-alone antivirus or firewall programs. It is very important on those programs (especially if they have any access to the internet or other devices) to update their firmware. The first question I get asked is what is firmware and how do I update it? Think of firmware as simplified software that involves the most basic of commands. For example, firmware will define to the rest of the machine what happens when an on/off button is pressed and what the “true/false, yes/no, positive/negative” signal from that button means. Almost all software today has a setting to either automatically update firmware OR to update it upon request. Really simple machines that do not connect to the internet (Example: an old toaster) never need an update to their firmware.

The next area of concern is devices connected to the internet and part of your home network that do NOT have a stand alone firewall or antivirus installed. The most common example is your smart phone. This is especially a problem because we use our smart phones to look up stuff, complete financial transactions, login to multiple accounts, etc…. This makes our smart phone a tier 1 penetration point (high risk) and yet commonly users only install a firewall and/or antivirus on their computer or laptop. Most never think about their smart phone.

What are some anti-virus and/or firewall products users can install or is the default/free stuff that comes with your operating system enough? In my opinion, if you are running a business or doing anything with money (including making purchases); you should have both installed. Free anti-virus and firewall programs are better than nothing but will not protect you from a major attack OR help prevent an infection from spreading. Forbes has a good article that breaks down the pros/cons for some of the major players. Some options are:

  • McAfee & Norton – probably two of the most well known providers. Both are approximately the same price, have protection for laptops/desktop/tablets/smart phones, require some computing resources to function and therefore will slow your device down some, have user interfaces that assume you are NOT a geek, etc….
  • Eset – has become more popular because of the quality of protection it provides and the minimal resources required to run.
  • Trend – very simple user interface that many users find intuitive to navigate.

If you wait for something to happen, the consequences are significantly more costly than if you take protective steps first. One of the first steps we all should take is to list all the devices that connect to your home/business network. Next, check the settings of any involved firmware to see which ones you need to schedule for manual updates. If they are on a schedule for automatic updates, users need to periodically check to make sure it is happening. Now you need to determine which devices have little or no protection but are capable of running a stand alone antivirus and/or firewall program. This will be just about all devices running an Apple, Windows, Android, or Chrome OS. Finally, install protection where you are able, ensure simple devices that cannot run stand-alone protection have multiple layers of security provided by various network devices, and remove network access for anything you determine is “not worth the risk” (Example: old gaming device that you never play but is connected to your network).

Finally, if you don’t feel comfortable doing this, you should be hiring someone like me to periodically review your devices and help minimize your risks.