The quick answer is: almost no one.
Before getting to the longer, more thoughtful answer, consider the satisfactions of running your business from home. You cherish your autonomy. Making space for the entrepreneurial spirit is why you’re doing this in the first place. You actually enjoy wearing multiple hats—procurement officer, CFO, head of HR, overseer of IT—even if they don’t all fit snugly.
Nationally, roughly 50 percent of all small businesses are home-based, and that number is trending north. Home businesses are, arguably, both closer to customers and more distant from formal business infrastructures and systems. That status quo is decidedly a mixed blessing.
It’s not your imagination that home business owners always seem to be the last to know. They certainly were late last spring, when the FBI issued an urgent advisory recommending that businesses reboot their routers to thwart a Russia-linked malware infection responsible for compromising more than half a million devices. Remember receiving that memo—the one reminding you that you were unwittingly relying on routers and other devices that were threatening your computer network? I didn’t think so.
Working largely with corporate IT users – its constituency—Cisco’s Talos threat intelligence team revealed the existence of VPNFilter, which may be as pernicious as malware gets. VPNFilter corrupted devices in nearly 60 countries. According to Talos, the malware can “intercept network traffic and inject malicious code into it without the user’s knowledge.” A subsequent alert in early June revealed that VPNFilter is actually more insidious and compromised a greater number of routers than initially reported.
This wasn’t gear from esoteric or boutique hardware makers: the brands in questions fill the shelves at your local big box store. They’re the kinds of tech products upon which home businesses depend. Check that; they’re not the kinds of products—they’re the actual products: Linksys, MikroTik, NetGear, TP-Link, QNAP, ASUS, D-Link, Huawei, Ubiquiti, UPVEL, ZTE.
VPNFilter, which effectively turns the firewall against the user, is a silent killer. It’s capable of disabling the infected device completely and rendering it unusable. It can be triggered on individual infected machines or en masse to cut off Internet access for hundreds of thousands of victims.
For home business owners, VPNFilter is especially problematic because it illuminates a hole not simply in router/firewall security but in the way manufacturers and retailers communicate with users. For perhaps obvious reasons, neither manufacturers nor retailers have an incentive – or any effective means—to alert home-based businesses and resolve the problem. IT professionals travel in a different crowd, one attuned to the language of risk. Home businesses tend to be more concerned with keeping the lights on.
So who’s got your back?
Potentially, responsible cloud providers. “Responsible” in this context means attuned to the needs and nuances of businesses that really are on their own. Responsible cloud providers bring to the task a phalanx of time-tested tools, procedures and technologies that ensure continuous uptime, regular backups, data redundancy, data encryption, anti-virus/anti-malware deployment, multiple firewalls, intrusion prevention and round-the-clock monitoring.
If your server isn’t already in the cloud with this class of provider, it needs to be. VPNFilter was repurposed expressly to attack devices obtained via the consumer channel and deployed in environments where no one—and no technology—is available to monitor and log traffic.
Precisely because home businesses are “twice vulnerable”—to nefarious actors bent on laying anyone low via cyberattacks, and to the inaction that regrettably results from being left out of the loop – now is prime time for vigilance. In the age of malware, vigilance is a verb, calling on home businesses to partner with those equipped to address these toxic moving targets by handling security for them.
No home business owner consciously chooses to shortchange security. Businesses buy and install firewalls that are designed to be hardened against these kinds of threats. But when a VPNFilter-like attack renders the shield vulnerable and all bets appear to be off, DIY may suddenly give way to surrendering at least one of those hats.
Who knows? With the right hosting partner in tow, VPNFilter could turn out to be the silver lining to this cloud.