How can I protect my wi-fi network at home?
When home WiFi networks were first rolled out, the average user could expect to connect a small handful of devices at any given time. Today the average household has 10+ devices connected and home networks have become increasingly sophisticated. Hackers are on the lookout for vulnerable networks, and once they’ve broken in they can use malware to force your internet connected devices to harvest cryptocurrency, issue denial of service attacks, or even steal your personal data.
Protecting your Wi-Fi network doesn’t have to be difficult and to help you get started we’ve put together a list of 9 tips that everyone should follow to stay safe online.
Change your wifi’s default network names
When setting up your WiFi network SSID (Service Set Identifier) you’ll be given the opportunity to customize your network’s name. This is a chance to pick something witty, silly, or just easier to remember than TP-Link_DFD8. However, changing the preset name also increases your home network’s security!
When hackers are looking for networks to break into, knowing the manufacturer of your router gives them a valuable piece of information for them to start planning their intrusion. The manufacturer’s default SSID lets them know the default username (and default password should you have forgotten to change this!!) as well as lets them know which vulnerabilities they should try to exploit first.
Cybersecurity is a lot like any other type of security – you don’t necessarily need to create an invincible fortress, most criminals are looking for easy targets so small steps like this vastly increase your safety.
Use a strong password for your router
This should go without saying, but a weak password is almost as bad as no password. Despite cybersecurity threats being on the rise year after year, people insist on choosing simple, easy to guess passwords like 123456. In fact – 123456 has been the most popular password since 2013.
Similarly you should avoid easily guessed information like your phone number, elements of your address, birthday, or anniversary.
If your ISP provided you with your router it may have come with a default password which seems secure. On some level, these long passwords are secure, but anyone with access to your router will be able to read the default password and be able to log into your personal network. Always change your router’s password!
The reason people use simple passwords is obvious: password fatigue. In an era where every app requires a password and workplace passwords seemingly change monthly, it is understandable why someone would want a simple password for their home wi-fi network.
However, for your safety, resist the siren call of bad passwords! Modern technology has made it easier than ever to share passwords without having to remember long strings of alphanumeric gibberish.
Put your WiFi password into your phone just once and you’ll be able to easily share it with family and friends. Android and Apple iOS devices have added functionality which makes it incredibly easy to share passwords via QR codes – no more flipping over the router while trying to read a faded sticky note in the dark!
One often neglected part of home network security is changing your router’s network administrator password. While your WiFi password allows you to access the internet from your router, the router admin password lets you change the router’s internal settings. Use a different password than you’ve selected for your WiFi network and be sure to select a strong password for this as well.
Instead of writing both of these passwords down on a strip of tape adhered to the side of the router, use a secure password manager instead. This way you still won’t have to remember the password, but it will be safe from snooping eyes.
Make sure you use the strongest encryption possible.
Having a strong network password won’t do you any good if you’re using outdated encryption protocols – you can think of it like putting a sophisticated lock on a screen door.
Thankfully this is one of the easiest elements of cybersecurity to implement and is as simple as checking a box in your router’s security settings. You should ensure that your network is using Wi-Fi Protected Access 2 or 3 (WPA2 or WPA3), sometimes these options are listed as WPA2-PSK or WPA2-Personal.
The older encryption protocols like WPA and WEP have significant security flaws and can be easily hacked. WEP was originally released in 1997 and today its flaws are so well documented that there is even a WikiHow article detailing how to crack it. WEP is not secure and should not be used for home internet connections.
The only potential downsides to enabling newer encryption is that some old devices (15+ years old) may not be able to connect. However, the security that is given up to keep these legacy devices in service makes this a small price to pay.
If you are really concerned about network security be sure to use a router which features WPA3. WPA2 is still a relatively robust encryption protocol, but it has documented flaws which can allow a dedicated attacker to break into your network. Released in 2018, WPA3 addresses these exploits and currently provides the best consumer grade network protection.
Keep your router and all internet connected devices up to date.
We’ve all been guilty of selecting “remind me later” when a nagging message informed us that an update was available, however, this is one of the most important elements of staying safe online!
Router manufacturers release firmware updates. to patch security exploits as they’re discovered. By ignoring these updates your router is left exposed to cybercriminals, potentially exposing you to security risks ranging from bitcoin mining malware to the theft of your personal data.
When possible, you should enable automatic updates on your routers (and other devices!) as this will make for one less thing for you to remember. If your devices ask you to restart after an update, humor them and restart. The minor inconvenience of keeping your router’s firmware up to date is nothing compared to the hassle of dealing with cybercrime or identity theft.
This advice applies to every device with internet access – from mobile devices to internet connected smart appliances. Don’t forget to keep your operating system and web browser updated as well! Neglecting to keep each element updated is like having a home security system but leaving your window open when you leave the house
Use a firewall to protect the devices on your network.
Many wireless routers on the market today ship with a built-in firewall, which offers another layer of protection against cyberattack. Firewalls work by scanning inbound and outbound traffic for known threats and stopping those which trigger its alarms. Their ability to protect your system from external threats as well as internal threats is what makes firewalls such an important part of your network security.
While most routers include a firewall you’ll need to be sure to enable it in your router settings. Many years ago firewalls could be finicky to use and may have even required specialized knowledge to ensure that your network continued to function normally, but today they are extremely user friendly and require little to no user intervention to work properly.
In addition to your router’s firewall, consider using a firewall on your PC as well. Windows computers ship with a built-in firewall which provides adequate protection. Many third party antivirus software include firewalls too, and may offer more robust features for the power user.
Setup a separate network for your home’s smart devices.
From refrigerators to thermostats to smart vacuum cleaners, more devices are connecting to the internet and potentially exposing your network to security risks. Often these smart home devices, collectively referred to as the Internet of Things (IoT), are not built with security in mind and have lots of vulnerabilities which hackers can exploit.
Instead of allowing these devices to coexist with your smartphone and computer on your network, create a separate network for these devices to inhabit. This way, even if one of these devices gets infected it won’t have access to your more sensitive data.
Setting up one of these separate networks is simple and doesn’t require shelling out money to your internet service provider for a new connection! To begin you’ll need to access your router settings – the exact steps to do this varies by manufacturer but generally you’ll type your router’s IP address into the URL bar of your web browser. The two most common IP addresses for many routers are 192.168.1.1 or 192.168.0.1. If these don’t work, just look up the name and model number of your router online and find its product manual. Your ISP may have also provided you with detailed instruction on how to gain access to these settings, so refer to their provided literature.
After logging into your router, look for router settings pertaining to VLAN, or virtual local area network. Once you’ve set up your VLAN simply connect your IoT devices to this new SSID. They’ll continue to be able to access the internet and will function normally, but won’t have access to your network connected personal devices.
Speaking of separate networks, set up another network for guests to connect to.
It might go without saying that whomever you let into your home you trust on some level. However, that doesn’t mean you should trust their devices! If a phone or laptop is infected with malware and connects to your network, the infection can spread to your own devices!
To prevent this, create a guest network for visitors to use. This is generally a very easy process and most routers make setting up a guest network quick and easy. Some routers will have options that say “Allow guests to access local network resources” and “Allow guests to access settings.” The wording may vary slightly, but be sure to disable these options – otherwise your guest network won’t actually provide you with any significant security!
Guest networks can actually be a good option for your IoT devices as well. If you don’t see an option for creating a VLAN or the process is intimidating, using a guest network offers much of the same protection.
Turn off Universal Plug and Play
Universal Plug and Play (UPnP) is a protocol which allows easy setup of internet connected devices like smart TVs, game consoles, and IoT devices, however this convenience comes at a price. UPnP is commonly used by hackers to create networks of infected devices called botnets, which they can use for all sorts of illicit purposes. Additionally, UPnP can be used as a route for hackers to gain access to your router itself, compromising your network from the inside.
Instead of leaving Universal Plug and Play enabled all the time, only turn it on when a new device requires it to be active in order to connect to your network. Your device will continue to work properly once it has connected to your network, even if you disable UPnP, but your network will be far safer with it turned off.
Another feature to disable is your router’s WPS (Wi-Fi Protected Setup) mode. Similar to UPnP, WPS is a feature which is designed to make it easy to connect new devices to your Wi-Fi router; all you need to do is press a button on the router and then your WiFi enabled device is able to connect without inputting a password.
Unfortunately this convenient access feature has a serious vulnerability which allows hackers to use brute force password cracking methods. Many routers don’t have login attempt limits set for WPS, allowing hackers to try literally thousands of WPS pin variations until they have gained access to your network.
Losing the push-button convenience of WPS is a minor inconvenience, although many users aren’t even aware of this feature and never even use it!. With more and more gadgets having better user input methods, typing a password into your smart TV or similar device isn’t the chore that it used to be.
Disable remote access on your modem, firewall, and router.
Remote access is a feature which allows changes to be made to your modem, firewall, and router settings from anywhere in the world. In some rare cases this might be useful, but for the vast majority of users this feature will go unused. Functionality that you’re not taking advantage of is not in and of itself a bad thing – but in this case it opens up the possibility for hackers to access your wireless network from anywhere they can find an internet connection!
Usually these settings are disabled by default, but be sure to check your network settings to ensure that this is the case. With remote access disabled you’ll limit access to these important security settings to devices which are already connected to your network.By disabling remote access you’ll strengthen your network security without impacting your user experience.
Home network security requires a comprehensive approach
Each of these tips used in isolation will increase your network security – but the reality is that they work best when used together. By picking and choosing which of these steps to implement you create a false sense of security and may leave significant holes in your network security system.
It is best to use all of these steps together, creating a network which will discourage hackers from even attempting to infiltrate your system. Staying safe online doesn’t have to be hard, and following these suggestions won’t make your daily browsing experience any more challenging!