- Somehow, employees now have to ensure the security of their own companies
- Consumer-grade routers have become the guardians of corporate networks
- ISPs now have to provide security for both consumers and the companies that employ them
The paradigm shift that took place when employees moved from the office to the living room seems like a great deal for companies, at least on paper. Lower overhead appeals to organizations looking to cut costs, but moving people from the corporate security umbrella to a living room with a cheap router will eventually cause more harm than good. Surprisingly, ISPs (and not employees) are now next-in-line to provide that security.
Some people are all too happy to work from home, and many companies quickly discovered that keeping them there is a great cost saver. If the same organizations skimp on buying the right tools to secure remote connectivity, the ingredients for disaster are in place.
Companies have invested a lot in cybersecurity resources, which have to cover the internal network and infrastructure in many situations. Attackers had to deal with layers upon layers of security. In some cases, if the company was large enough, it might even staff a Security of Operations Center (SOC). Even if a particular system was compromised, it was a lot easier for security to catch it early on with so many protections.
Two-bit router for two-bit protection
Consumers don't employ high-grade protection at home. While it's good to have your house and your IoT devices safe, it's not exactly Fort Knox. For the longest while, routers have been just a way to get Internet in the house with minimal security. No one believed or imagined that the same routers consumers got on Black Friday for a bargain would eventually be responsible for keeping so many companies secure.
Unfortunately, consumer router manufacturers got off easy because no one really asked them to raise the bar on security. Now, all of a sudden, devices left unpatched since the day they left the assembly line are required to keep hackers at bay.
Routers are often misconfigured, still use the default credentials specified for its series, have open ports, or are simply chock-full of vulnerabilities that haven't been fixed and never will be. This is the device supposed to protect the modern smart home and the remote worker connecting back to his multinational company.
It's impossible to ask employees to protect their company's infrastructure with their home router and a security solution installed on the work device. This job falls onto the ISP because those employees now working from home depend on their capabilities. The ISP manages a similar network, just like the company, but with less security.
Adopting an IoT security platform should be the default position of any ISP looking to protect its customers and hardware. The Bitdefender IoT Security Platform was designed with this purpose in mind, to help telecoms provide a security blanket over customers and their devices by using the existing hardware.
Of course, employees and the companies they work for should seriously ask themselves if the ISP responsible for security has the right tools to do this. While employees can't be expected to invest in securing the company they work for, they might be interested, as customers, to look for an ISP that can actually help them work safely from home, with the bonus of also protecting their smart homes.