Wireless Working, Part I: Risks of working from home

Working from home and using a wireless Internet router calls for special security precautions on the part of brokers and other business employees, creating an opportunity for brokers to advise commercial clients about their risk and insurance needs.

Many insurance brokerages have employees working from home, Christian Gilby, director of product marketing for Hewlett Packard Enterprise Company’s Aruba unit, told Canadian Underwriter on Jan. 19. Brokers need to take precautions if employees are working on customer files (such as renewals) at home and connecting to the Internet using WiFi, he said.

When brokers place cyber insurance, they could advise clients that when employees work from homes with WiFi routers, those home computer networks are “often not setup” with information security in mind, said Dave Millar, business executive for security at IBM Canada.

WiFi essentially lets computers exchange data over a radio without requiring a cable. One common WiFi application is consumer Internet routers, which allow people in a home with laptops and smart phones to connect to the modem without a cable.

Depending on the situation, a hacker with a WiFi device can listen in from a city block away. Some WiFi access points, which are essentially radio antennas that route traffic from wireless to wireline networks (Ethernet cable, for example), use no secure data encryption at all.

In Part 2 of this Wireless Working series to appear next Monday, Canadian Underwriter readers will learn what precautions companies should take when using WiFi at coffee shops, airports and other public places. Part 3 next Tuesday will explain how to manage risk when using WiFi instead of cables for computer networks in an office.

When employees work from home over WiFi, Gilby recommends they use a virtual private network (VPN). To create such a network, an employer installs software on the worker’s laptop, said Timothy Zimmerman, research vice president at Gartner Inc., a Stamford, Conn.-based information technology research and consulting firm. A hacker could still eavesdrop on a VPN user’s WiFi traffic, but the transmission would be gibberish to the hacker, Zimmerman said.

Someone working from home using a WiFi network should have some basic knowledge of how to secure the network. For example, some workers have non-computing devices, such as fridges and toasters, with Internet Protocol addresses that connect to their home computer networks, Zimmerman warned.

This means a criminal could hack into the user’s home network through an “Internet of things” device rather than through a WiFi access point. This in turn could “provide some ability to scrounge around and/or find and look for information on devices connected to that network,” said Zimmerman.

Many consumers use the WiFi router provided by the Internet service provider (ISP). If they do not change the default service set identifier (SSID) and password that came with the router, this increases the risk of a miscreant eavesdropping on the communication. Passwords should be long and “complex,” and the user ID should not give away information such as the user’s name and address, Millar says.

Instead of using the WiFi on the router supplied by their ISPs, users could buy a second router, disable the WiFi on the ISP-provided router, and use the WiFi on their own router instead, Millar suggests.