Protect your walls!

Once upon a time there was a friend I helped to secure his company network, that called me telling that there was some problems and that the monitoring systems indicates some traffic to a blacklisted endpoint (recognized as a C&C malware system).
The thing seemed a bit strange to me, because I thought I had done quite a good job securing his network, so I asked him to send me the firewall logs.
I noticed that the traffic was generated only by a single ip in the LAN, specifically from the laptop ip of my friend.
A quick check brought me to determine with certainty that the malware infected the laptop while he was using it at home.
When I asked him to talk about his home LAN he responded “I’ve a netgear router …”. …