Cybersecurity at Home: Protecting Your Network
If you have Wi-Fi at home, you likely use a router to connect your many devices to the internet. Your router controls the passage of all data that travels into and out of your home network. Every device that connects to your router (desktop PC, laptops, tablets and phones using Wi-Fi) can be compromised through that same router if it is not properly secured.
The first line of defense for home network cybersecurity is defending your router from unauthorized access. You can accomplish this yourself by accessing your router settings to bolster your level of protection and by formulating good habits when it comes to public network use.
Most routers are set up to “plug and play,” however, the factory-set defaults are often not preconfigured to their most secure settings. The tips below can help you protect against unauthorized access to your network.
Check your router settings
Your router may be accessed through a specific IP address typed into your web browser or through an app on your phone. Once you have accessed your router, check the settings. You can change basic and advanced settings to improve your Wi-Fi network’s security.
Your router should have come with documentation that tells you how to access settings. If you do not have this documentation, you can typically find it online by searching for your router’s make and model. You may be able to read it online or download a PDF from the manufacturer’s website.
Update your firmware
Firmware is low-level software that helps your router operate at peak functionality. It controls security standards, dictates what devices can connect to it, installs security patches and bug fixes, and in general makes your router more secure. Even if your router is a newer model, it may need to be updated before use.
Most routers have a setting that allows firmware to update automatically. This is typically easy to find in your router’s control panel. Check to make sure this setting is “on” to protect your router from exploits. Run an update immediately in case any were missed. From there, your router should update automatically in the background.
Change your password
Once you have checked your firmware updates, return to your router settings and make sure WPA2 (Wi-Fi Protected Access 2) security is enabled. This requires every new device to submit a password to connect. If WPA3 (Wi-Fi Protected Access 3) is available, use that instead, as it offers improved functionality over WPA2. And, if your router is Wi-Fi 6 compatible, meaning it can send a single transmission to multiple devices, you can use it even if your devices are not compatible yet.
Your router settings panel should give you a list of everyone who is connected to your network. If you have named all your personal devices, it should not be hard to verify that there are not any unauthorized devices. If you are unsure, change the password. This will kick everyone off and force them to log into the network again using the new password. The key to choosing a password is that it should be easy to remember but impossible to guess. When you change your password, your router will warn you if the password you are choosing is deemed too easy to hack.
You may also want to consider using a short passphrase instead of a password to enhance security. A passphrase is a series of words that create a phrase that is longer in characters, easy to remember, but hard to crack. A passphrase contains around 20 to 30 characters and does not contain your username, real name or company name. An example of a passphrase would be “design2code4coffee.”
It is tempting to make it as easy as possible to connect to your router from different devices, but every step you skip makes it easier for hackers to gain access. Unless you have a need to access your router remotely as an admin, it is safer to disable remote access from outside of your home.
Also turn off Wi-Fi Protected Setup, or WPS, so that new devices cannot connect with a simple PIN or push of a button. Do the same for Universal Plug and Play (UPP) and go through the manual steps to configure devices like gaming consoles and smart TVs. Many newer devices can access your home Wi-Fi network but that does not mean that they should. If you do not actively use a Wi-Fi connection on a device in your home, disable that function at a device level. The fewer points of entry to your network, the less likely you are to be compromised.
For devices that do connect, create unique names and passwords for each and utilize a password manager to keep everything straight. Update device software regularly and change passwords with the same frequency that you use for your router password.
Set up a guest network
Use your router settings to hide your SSID (Service Set Identifier); this keeps your network from showing up on available Wi-Fi network lists for devices scanning for open networks. If you are not easily seen, your network is safer from attack.
Your router may provide a guest network option, which you can use for granting limited access to your network but not to other connected devices or files. You can deliberately add guests to your network, and then they will be able to access a connection without seeing your private files.
Install a VPN
A VPN (Virtual Private Network) adds a layer of encryption to all data traveling in and out of your home network and masks your router’s location. You can use a VPN that is browser-based or subscribe to a VPN service.
Stay secure in public
Once you have configured your router and at-home devices, think about how you use devices and Wi-Fi when you are away from home. Do not charge devices using public USB ports, as these can be used to download malware onto your device. Instead, carry an AC adapter and charger and use that instead.
Avoid using public networks when possible, and if you must login, keep the session short and do not transmit personal information. Change your passwords on sensitive sites (like your bank’s website portal) if you must access them when you are away from home.