Given the dynamic, ever-changing consumer technology landscape, law firms’ technology professionals may never be able to secure personal devices and at-home networks to the same degree as office-based infrastructure.
But if we have learned anything over the recent past, it’s that preparation should not be ignored merely because we worry our solutions may be imperfect. By advising your remote technology users on how they can best secure their personal as well as their professional information inside and outside the office, you build on their cybersecurity awareness. If you consistently share best practices with your employees, you’ll increase your firm’s security over time.
To help managers build their remote users’ cybersecurity defenses, we suggest starting with their home Wi-Fi network’s security settings. Implementing some simple and commonly offered features can greatly enhance your firm’s information security. Below are seven general recommendations you should share with employees for securing their home Wi-Fi network against unauthorized access.
1. Change the default name of your home Wi-Fi network. One of the first steps to a safer home Wi-Fi network is to change the service set identifier network name (SSID); this is the name that is publicly broadcast. It makes it easier for a hacker to identify a target. Often, these are set to a company name, a last name or a device manufacturer. The best practice is to change the network’s SSID to something that does not disclose any personal information.
2. Change your default wireless network password and make it unique and strong. Most routers come preset with a default password, which is often easy to guess and even easier to find on the internet by hackers — especially if they know the router manufacturer. A good password for your wireless network consists of at least 20 characters and includes upper- and lowercase letters, numbers and special characters. This change will make it difficult for unauthorized users to access your network. Perhaps consider using a personal phrase that has meaning only to you — just don’t use your birthday or pet’s name.
3. Enable network encryption. Modern wireless routers come with an encryption feature, but it is often not turned on by default. Turning on your wireless router’s encryption setting will secure your network. Encryption should be turned on during wireless network installation. At the very minimum, encryption should be set to WPA2 and, if available, WPA3.
4. Disable Wi-Fi network name broadcasting. This won’t broadcast your SSID to the public. For businesses, libraries, hotels, restaurants and others that want to provide Wi-Fi internet access to customers, broadcasting an SSID is useful, but it’s usually unnecessary for personal wireless networks.
“If we have learned anything over the recent past, it’s that preparation should not be ignored merely because we worry our solutions may be imperfect.”
5. Apply Wi-Fi router software updates. Manufacturers constantly update software for their devices to keep them more secure and stable. A router’s firmware, like any other software, contains flaws that can become major vulnerabilities unless they are fixed by firmware releases. Always install the latest software and security patches to ensure no security hole or breach is left for hackers to exploit. Most routers now come with an auto-update option that should be turned on.
6. Turn on your Wi-Fi router’s built-in firewall. A firewall is designed to protect computers from harmful intrusions. Wireless routers generally include built-in firewalls and other security features, but they are sometimes shipped with them turned off. Be sure to check that the wireless router’s firewall and security features are on. If a firewall or security feature is not available, then you should investigate upgrading your router’s firewall with a better solution, such as Fortinet FortiGate.
7. Create a guest wireless network. Most Wi-Fi routers now come with an option to set up a guest wireless network isolated from the regular network and all devices. This is a great option when giving internet access to your guests or friends, as it will keep the rest of your network secure. The guest network should be secured with a strong password and follow the same procedures and best practices mentioned above.
Encouraging your law firm’s remote technology users to implement these basic network security features will further extend your firm’s cybersecurity beyond its office walls. Building remote users’ cybersecurity defenses will remain an ongoing, constructive process that your IT staff and/or managed service provider should regularly address. Refreshing your firm’s cybersecurity awareness training with tips for remote workers — building on the lessons learned over the past year — should be high on your list of updates to your information security strategy, as well. As the world haltingly reopens, now is not the time to let our guard down.