How to keep a secure home network: 10 tips and tricks
Your wireless home network provides access to the internet or your company network quickly and easily. Multiple devices, private or company owned, can connect to a router and connect wirelessly to the world wide web. It’s easy to forget about the router once a wireless connection is established. But as the number of WiFi devices we use increases, so does the router’s importance in our everyday life. Think of all the smartphones, tablets, company laptops and even IoT devices we connect to our home network daily.
Increasing WiFi security in the ever-changing cyber threat landscape of today should be a priority. Most WiFi networks are not secure by default and the risk of cybercriminals breaching poor WiFi security measures is a serious threat. Knowing how to improve your home WiFi network security is of utmost importance. After all, you don’t want cybercriminals to break into your home WiFi network and wreak havoc. This risk shouldn’t be taken lightly as more of us work from home due to the COVID-19 pandemic. In the following article we discuss a number of practical considerations on how to better secure your home WiFi network and reach a basic level of security.
1. Change the SSID
Each WiFi network has a name, also known as an SSID. Default SSIDs may contain details about your internet provider or your router. Hacker can use this information to compromise your network. For added security change your WiFi network to a custom ‘name’ or hide the network entirely by disabling SSID broadcast in your router’s settings.
2. Change the WiFi password frequently
Most people still use the default passwords of their router. They share the password with others, but fail to remember that this password is stored on their devices. If the WiFi password falls into the hands of criminals via cracking or hacking, these criminals can and will use it to benefit their goals. You can avoid this risk by changing your router/WiFi password frequently.
3. Have a guest network
If one of your friends is hacked and connected to your network, this means that the hacker has the password of your WiFi too and probably more , such as: IP-address, logical and/or physical location, etc. This information is the basis for an attack against you and other connected devices. Most routers have a guest network feature with an unique SSID and password. You can safely provide the password for the guest network without compromising your security.
4. Change the username and password of the WiFi router
Most users do not know the password of their router or what it is for. Routers are shipped to consumers with default username and passwords that provide administrator-level access to router settings. Lists can be found online with default router passwords and once the right one is found, anybody can access your router. This poses a huge threat. For instance, instead of opening your bank website, hackers provide you with a site very similar to the one you know, even the address might be the same. Nothing seems suspicious, but what you don’t know is that hackers now have the credentials to login to your bank accounts. So stay safe and set a unique administrator username and password.
5. Regularly update the router’s firmware
Firmware is your modem’s operating system. Firmware isn’t perfect and developers release firmware updates – also known as ‘patches’ – in order to correct vulnerabilities – also known as ‘exploits’ which could be taken advantage of by criminals. By frequently updating the firmware, you will reduce the risk of attacks based on vulnerabilities in the firmware of your device. This applies to all of your digital devices. From the camera to the TV, refrigerator, or any other connected device to the internet, they all need updates.
6. Monitor and manage the connected devices
You might think that only your computer and phone are connected to your WiFi network. But, sometimes you might be surprised when you see all connected devices. Router settings allow you to inspect the full list of devices currently connected to your network. Login to your router and make sure all connected devices are known to you. If necessary, router settings will let you restrict or ban connections from specific devices through a process known as MAC filtering.
7. Manage DMZ
The DMZ (demilitarized zone) is another service that lets your devices in your home network be (remotely) accessible from the internet. This can be handy, but improper settings can expose all DMZ-connected devices to the wrong people. Hackers love this, because once they’re in they will have access to all connected devices. Imagine that you have a webcam connected to your DMZ. This webcam may be publicly exposed unless the DMZ is configured properly. A hacker could target webcams with the same brand as yours in order to connect and spy on you. This creates a huge breach of your privacy and one that can be avoided with proper DMZ settings.
8. Disable remote access to the modem
Features of modern modems may include remote access. Normally you need to be connected to the network to reach the modem settings. But if remote access is enabled you can manage your modem from wherever you have access to the internet. Here lies the risk: if you are able to connect remotely, so is a hacker. Prevent this by disabling remote access if you don’t use it (frequently).
9. Disable USB sharing port
Most modern modems provide an option to connect anything to your modem by the means of a USB port. This can be helpful when connecting devices such a printer, to your network. But if your modem/network is compromised, so are the connected devices on the USB port. It is wise to disable USB ports if you don’t use them.
10. Disable WPS
WPS, also known as WiFi protection setup, is a convenient feature for modems and routers because it prevents you from having to enter a long and complicated password. But this convenience comes at a price: WPS creates an additional attack vector. Any intruder with physical access to your modem will be able to connect a device to your network without your knowledge by using WPS. To prevent this, either disable this feature or hide your device in a physically inaccessible location such as a locker.
Security is an ongoing process and not a one-time activity. You’ve already come a long way by implementing just the basic measures listed above, but ongoing protection requires continued effort. Cybercriminals are always looking for new, inventive ways to compromise our systems, and we must adapt accordingly. We recommend a security review every three months.
If you like to discuss the specifics of securing your (company) network or if you have other IT issues relating to cybersecurity or privacy, please don’t hesitate and contact Crowe Peak.
A secure home network doesn’t mean that the risks of working from home are also mitigated. A secure home network doesn’t ensure a secure remote login environment to the company network. To help companies understand the risks inherent to allowing employees work from home, Crowe Peak has published a free online self-assessment to help you evaluate the security of your company’s remote access environment. Click here for the self-assessment (in Dutch).