Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Ask The Experts

09:15 AM
John Bock
John Bock
Ask the Experts
Connect Directly

How Can I Help Remote Workers Secure Their Home Routers?

The most effective way is with employee security education.

(Image: Oleksandr Delyk via Adobe Stock)
(Image: Oleksandr Delyk via Adobe Stock)

Question: How can I help my remote workers secure their home routers?

John Bock, senior research scientist at Optiv Security: With so many organizations' employees working remotely due to the pandemic, what security teams can do to help secure their home routers/firewalls is getting renewed attention. Why should we view an employee's home router as any different than one at a coffee shop or hotel network? Well, for one, it's a more static and predictable location for an attacker, especially if we are including Wi-Fi access points, common to all-in-one gateway devices. These days, the home router also likely includes a home network with a variety of entertainment and home automation devices, all of which could have their own vulnerabilities.

Related Content:

Firmware Flaw Allows Attackers to Evade Security on Some Home Routers

Teach Your Employees Well: How to Spot Smishing & Vishing Scams

How Can I Help My Users Spot Disinformation?

Most organizations will manage this situation with a focus on hardening the endpoint to operate in an assumed hostile environment, which aligns with modern best practices for host defense.

Without good public examples of extending enterprise vulnerability management down to the personal home network, the most direct route is with employee security education that focuses on basic home gateway maintenance and avoids advanced configuration topics. Our technical users are likely ahead of the curve when it comes to home security issues anyway, and it's the users who have never logged into their home routers who cause the most concern.

Here's a basic set of guidance to tell your users:

  • Log in to your router, check for firmware updates, and upgrade if one is available. Set up a monthly task, maybe alongside bill paying, as a reminder to log in to see whether any new versions are available.
  • Verify that "Remote Administration" or "Administration from WAN/Internet" are disabled. If enabled, they allow access to the management UI from the Internet.
  • Review firewall settings for any open or proxied ports. If you're unsure of the origin of a particular entry, disable it.
  • Check Wi-Fi network settings, if applicable, and verify you're using WPA3 Wi-Fi security standard – if your devices support it – or, at least, WPA2.
  • Make sure your network password is complex and not related to the network name.
  • Review your attached devices list for anything suspicious, and verify the identity of unknown hosts.


John Bock is senior research scientist at Optiv. Prior to this role, John was vice president of threat research, and before that he was the leader of Optiv's application security practice, which provided application pen testing and other software security services. With more ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
6/7/2021 | 1:05:22 PM
Shields Up?
Would documenting the process to have users perform a reverse port scan using a site such as Gibson Research Corporation's Shields Up work?  At least we would know if they had any open ports that could be targeted. 
User Rank: Author
2/8/2021 | 9:47:53 AM
While the advice in this article isn't wrong, I think it's quite hard to do this well without some kind of automation to detect the router/gateway and provide tailored instructions to the end-user for their specific model. Endpoint vendors could do a lot (since they are operating within the network) to help deliver information about the security of the router or AP to the security (with the end-user's consent)
User Rank: Ninja
1/14/2021 | 12:17:14 PM
Securing routers
I would say provide them with configuration files that locks down the routers, especially if they are using a certain kind from a vendor. 

Also, talk with the vendor to see if they would be willing to work together to develop a secured process for their employees.

Cartoon Caption Winner: Magic May
Flash Poll