Sending the kids back to school is not like it used to be, how your work could be compromised…
By Dan Ogle- Panacea IT Expert
Back to School – Keeping Work, School, and Home Cyber Safe
Today’s classrooms provide much more access to technology than when I was in school. This was the case prior to the COVID-19 pandemic, but it became much more apparent during it. When schools shut down and transitioned to remote and remote-hybrid learning models, several schools provided students with laptops, Chromebooks, tablets, and other smart-devices to take home and continue learning.
I remember as a youth seeing my school’s internet security in action. Back then, they used Bess, a web-filtering content-control software represented by a dog named Bess that would “bark” when a student tried to access a site that was caught by the filter. Bess was used to prevent students from accessing inappropriate sites, or sites “non-conducive to furthering one’s education”, on the Internet. However, it was not uncommon for students with a little more extensive computer knowledge to attempt to bypass the filtering services in order access the content they desired. In the late 90s and early 2000s this content was mostly web-based games and “adult material”. This was in middle school.
Fast forwarding a few years, I remember seeing high school classmates playing a very popular multiplayer first-person-shooter video game on the school’s classroom and library computers. This was accomplished by a student installing the game in a hidden folder on the school’s server that only select students were aware of how to access to play the game. This went on for several months until the IT staff became aware of it, found and removed the game from the server. What the IT staff failed to do though was to increase the security and monitoring of the school’s network. Because of this, the students were able to re-install the game in another folder and continue playing it.
A cat-and-mouse game ensued between the IT staff and the students. The students would install and play the game for a few weeks, IT staff would find out and remove it, the students would re-install it . . . over and over again. I knew some of the students who were part of this operation. They were smart, got great grades, honors and advanced placement (AP/IBL) classes, and highly regarded by school staff; they weren’t considered bad or misbehaved. But they were breaking the rules nonetheless.
Now, think about the access to information and tools that were available back in the late 90s – early 2000s, and what members of my generation were able to do get around school computer security by having basic computer skills. Imagine what that might look like today . . . yikes!
Since 2020, several companies have afforded their employees to work from home using company-provided systems. Initially, this caused several issues relating to cybersecurity for both schools, families, and businesses. With everyone working from home, the security for all the network traffic for education, personal use, and employment now resides on the regular user’s home network.
Why could this be a problem?
Let’s explore: your child is playing a game on the internet, either from their personal computer or video game console while listening to music from smart home device. Your other child is streaming a virtual class on their school smart-device. Meanwhile, your boss has asked your company to join him in a video conference meeting with several other employees. That is a lot of web-traffic to manage for most residential modems and routers! This exact scenario took place among tens of millions of users since 2019. Most of these users experienced significant issues with the quality of service of their home internet (choppy video conferencing, audio cutting in and out, unreliable connectivity, etc.).
Aside from quality, this scenario presents several potential security risks for businesses with work-from-home (WFH) employees. Let us assume for a moment that the average person’s home network is not as restricted or secured as their business’ network. WFH employees could potentially expose risk to their companies by conducting business-related tasks on the same network they use to binge watch their favorite TV shows or do online shopping. These personal activities, even if done from separate, non-company devices, can potentially cause damage to your work devices and information.
Think of it like this: you are driving down a highway in your “business” vehicle. You are being safe and following all the traffic laws because your “business” vehicle was manufactured in such a way that protects you from performing actions, intentionally or unintentionally, that could damage the vehicle or other vehicles on the same highway. Meanwhile, someone on the same highway is driving a “personal” vehicle. This vehicle is in good enough shape to be on the road but has not been as well-maintained as your business vehicle. Additionally, the driver knows the rules of the road but is not protected from performing actions, intentionally or unintentionally, that could damage the vehicle or other vehicles on the road, including your business vehicle. The driver of this vehicle makes a poor, but all too common, decision to text while driving next to your vehicle. They get distracted, swerve in and out of their lanes, and eventually lose control of their vehicle and crash into yours.
This accident was obviously caused by the other driver and not you, but this accident would not have involved your business vehicle if your business vehicle were driving on a different highway than the personal vehicle. The same kind of damage can occur on your business computer if you are using it on the same network (or highway) which is also used by your personal devices. Damage to the device itself, whether it’s to the hardware or your own internal network, is probably the most accepted risk employers take to accommodate WFH employees. It is a risk for sure, but certainly not the one that requires the most attention.
The biggest risk to companies with WFH employees and the ever-expanding consumer “network-attached, home-use, smart device market” is securing their company information from external attacks. Most companies use a device called a firewall at their offices to protect their networks, and antivirus/antimalware protection on their information systems to protect themselves from cybersecurity threats. For WFH employees, the antivirus/antimalware is still on the business machine, but as mentioned before, the home network is not as protected as the business network. The solution to add this network security is to use a company-specific virtual private network or VPN.
Most firewalls come with a feature to deploy a VPN for remote users to receive the same level of network protection at home as they do in the office. Unfortunately, this practice is not as widely used as it should be for various reasons. The main reason? They do not how. If a company does not have an IT department on staff (expensive!!!) or a managed services provider (MSP) for IT support (less expensive, very cost effective), setting up and deploying a company VPN for remote users can be overwhelming.
However, as the cybersecurity landscape grows, so does the potential and actualization for risk. At Panacea Solutions, we work with several companies with WFH employees. We can help you with securing your home network for business. Our commitment to continued excellence drives us to remain current in all fields associated with our many support services, including cybersecurity. I have personally worked with several MSPs and I can say beyond a doubt that Panacea Solutions is by far the most customer-focused, quality-service-driven organization I have ever been involved with. Give us a call or send us a message! We work with clients all over the country and would love the opportunity to show you what we can do for you.