Your home network is a possible treasure trove for cyber attackers:
- You do your online banking on your phone or PC.
- You have credit card credentials stored in your smart TV and your video game consoles.
- Google Home and Amazon Echo devices are recording the audio in your home and likely have cameras, too.
- Your TVs, PCs, phones, stereos, and various “smart” devices contain CPUs that can be exploited to mine cryptocurrency.
- They can also be exploited as part of a massive botnet to perform more attacks.
If cyber attackers penetrate your home network, you could lose your privacy, your online identity, and money from your bank account. Your various devices may slow down, but you may notice no indication that the bad guys have compromised your comfortable home.
How to Secure Your Home Network
Popular TV shows like Mr. Robot describe super sophisticated cyber attacks and advanced “hackers.” But most of the attacks that your home entertainment and computing devices face are easy to prevent. More importantly, you don’t need a degree in computer science to improve the security of your home network.
I’ll make the knowledge that you need simple to understand and implement.
1. Buy Only the Gadgets You Need
The first step in securing your home network might surprise you. It starts when you browse Amazon or Best Buy for new toys. Smart devices like Amazon Echo, Google Home, Ecobee thermostats, and “smart” toys are all the rage these days.
The possibility of getting weather forecasts simply by saying “Okay, Google, what’s the weather like?” or being able to look at your security cameras from your phone when you’re away can be irresistible. But those are all Internet of Things devices, or IoT for short. They introduce new internet-connected interfaces to your home.
Each of those new interfaces expands the cyber attack surface of your home network. The more interfaces you have, the more vectors you have for the bad “hackers” to get in. So consider the risks of new devices before you buy them.
I personally have very little in the way of IoT tech in my home. I have a smartphone which, of course, doubles as a device that can be used to spy on me. The cybersecurity risks of my phone are similar to the risks my PC has, but it’s a desktop and it can’t be used to track my movements when I’m not home.
I have a “dumb” TV, but it operates as a display for my PS4, PS3, and Raspberry Pi-based Retro Pie console. Those consoles are all internet-connected, and my PS4 also has a PlayStation Camera that could be intercepted to watch me while I’m in my bedroom.
Aside from my router, those are all the internet-connected devices that I have. As a cybersecurity professional, you might assume that I want to have all the latest toys. But, in fact, being a cybersecurity professional means that I’m cautious about new toys.
You could choose to cover your home in Google Home speakers and deploy internet-connected security cameras or whatever you want. Just keep in mind that those could be new means for cyber attackers to interfere with your life—and for security to harden accordingly.
2. Check Your Router
If you have a typical 21st century home, you have one account with an ISP (internet service provider.) The ISP transmits an internet signal through your home that you’ve connected a home router to. The home router could be fully wired, but it’s probably wireless.
If you have a wireless router, you probably have a WiFi signal broadcast throughout your home that devices can connect to wirelessly, such as phones, tablets, laptops, video game consoles, smart devices, you-name-it.
That internet connection through cable, Ethernet, and WiFi connects your home to the rest of the world. But it’s also how cyber attackers get in. The next course of action is to do the basic things you need to do to secure that source.
It’s unlikely that a cyber attacker will intercept your internet connection physically. Chances are if they want access to your internet connection, they’ll look for your WiFi.
Go to your router. If you have WiFi, your router assigns an SSID (a way of naming WiFi signals) and password to your account. Your router came with a default SSID and password. If you’re using that default SSID and password, you have a seriously dangerous security vulnerability in your home network and must fix it right away.
Wardriving sounds more badass than it actually is. It entails traveling around a neighbourhood with a device that can pick up WiFi signals (such as a phone) and seeing if the WiFi can be easy to break into. The most vulnerable WiFi signals are the ones with no passwords (that’s public, unencrypted WiFi) and the ones with default SSIDs and passwords.
The default SSIDs and passwords associated with the device model of your router and your internet service provider are easy to find on the internet. RouterPasswords.com is a great place to start. Try one of those passwords and you can easily break in. Default SSIDs let cyber attackers know what brand of device you have or who your ISP is and let them know which default passwords to try.
Your SSID should be unique, and your password should be complex. You may be tempted to change your SSID to “Police Monitoring Van,” but the novelty of those jokes have long worn off. Be more original. My boyfriend’s SSID is related to the name of his record label. My home router SSID is a pun related to my nickname. Try something fun and different.
Passwords should be as many characters as possible, with a mix of upper and lowercase letters, numbers, and symbols.
Follow the instructions included with your router to change your WiFi SSID and password. If you’ve lost them, don’t worry. Open a web browser on your home PC, and try any of the following in the address bar:
One of those addresses should lead to a console where you can change your router’s settings.
Your router may also have some extra features, such as UPnP or WPS. If you aren’t certain that you’re using those features, disable them from the same router settings console you used to change your SSID and password for your WiFi. Those are both extra ways that cyber attackers can maliciously penetrate your home network. Disable them if you don’t have to enable them.
Regarding WPS, network security expert Michael Horowitz says:
“This is a huge expletive-deleted security problem. That eight-digit number will get you into the (router) no matter what. So a plumber comes over to your house, turns the router over, takes a picture of the bottom of it, and he can now get on your network forever.”
It’s also pretty easy for a cyber attacker to crack your WPS from an app on their phone.
According to Horowitz, UPnP is also terrible.
“UPnP was designed for LANs, and as such, it has no security. In and of itself, it’s not such a big deal. (But) UPnP on the internet is like going in for surgery and having the doctor work on the wrong leg.”
While you’re at your router’s console in your web browser, see if there’s a section where you can check for updates for your router’s firmware. Your router should automatically install new security patches when they become available. It’s quite possible that your router’s firmware isn’t getting updated, which leaves terrifying vulnerabilities that a cyber attacker can exploit.
And when you’re looking for a new router, find one that supports the new WPA3 encryption standard. The other WiFi encryption standards (WEP, WPA, and WPA2) are older and have worse security vulnerabilities. Deliver WPA3 encryption for your WiFi, unless you have devices that cannot use WPA3.
3. Get a VPN
If you’re a smart reader of The Best VPN, you probably have a VPN, too. VPN routes your internet traffic through an extra layer of encryption. A good VPN, when properly configured, will greatly improve the security of your home network and make it a lot more difficult for cyber attackers to intercept your internet use.
If you don’t have a VPN set up yet, or if you’re considering changing your VPN provider, The Best VPN is a great source of independent and objective reviews to help you choose the best.
The best VPN providers have apps for your PCs, phones, and tablets that make everything easy to use. No computer nerd knowledge necessary.
4. Configure Your Firewalls
A firewall is an interface that controls how internet signals enter and leave your home network. They come in the forms of both hardware and software. Chances are that your router has a firewall, and your Windows, macOS, and Linux operating systems have firewalls, too. These firewalls usually work by blocking the internet ports you don’t use and filtering the internet ports that you do use.
These ports are what we refer to as the TCP/IP stack. Internet services often have associated TCP/IP ports. For instance, you access the web through ports 80 and 443.
Your firewalls aren’t configured for optimal security by default. The most secure firewalls are the ones you configure yourself.
HowStuffWorks has an excellent article on how firewalls work with easy-to-understand information that should help you configure your firewalls properly, even if you’re a total layperson. Which ports do you use? You’ll be able to figure it out.
As I said, block the ports you don’t use and filter the ports you do use. Remember I mentioned that each new internet-connected device in your home network is a new way that cyber attackers can break in? The same applies to TCP/IP ports.
5. Don’t Forget the Antivirus
Each device in your home network that can have an antivirus installed on it should have an antivirus installed on it. Malware on your phone or PC can be a means for cyber attackers to attack the rest of your home network.
Your Android malware could be a way in for a cyber attacker to watch your baby on your baby monitor or control your Ecobee thermostat.
I work for an antivirus company, so I won’t recommend anything specific. Instead, I’ll direct you to AV-Test.org. Just as The Best VPN does independent VPN provider reviews, AV-Test is an excellent source for independent third-party reviews of antivirus software.
They list their reviews per operating system, such as Windows, Mac, and Android. Use their advice to choose the best antivirus software for all of the PCs, phones, and tablets in your home network.
6. Tie Up All the Loose Ends
Remember how I mentioned that my PS4 has a PlayStation Camera? I use it with my PSVR device. When I’m not playing a VR video game, I disconnect my Camera from my PS4.
Laptops often have built-in webcams, and you may also have cameras for your Google Home or Amazon Echo, or as a separate peripheral connected to your desktop PC. Disconnect all cameras or cover them with duct tape when you’re not using them. It’s also a good idea to disconnect your Google Home or Amazon Echo speakers when you’re not at home.
By disconnecting or covering cameras and speakers in your home network when you’re not using them, you’re making it more difficult for cyber attackers to watch or listen to you in a space that should be private. There are lots of malware and man-in-the-middle cyber attacks that can grant the bad guys a way to violate your privacy.
My advice is to limit your “cyber attack surface” as much as possible by reducing it in ways that are feasible.
Credit card and personal banking credentials are also highly attractive to cyber attackers. Sometimes people store this sort of data in their smart TVs and video game consoles. My advice is to use your credit card as infrequently as possible.
If you have services that you pay for, such as Netflix, Hulu, Amazon Prime, PlayStation Network, Xbox Live, or Spotify, you can often pay for them using gift cards.
Alternatively, there are credit card gift cards you can use to pay for most online services. Use gift cards as much as possible. The worst-case scenario with a gift card is that a cyber attacker steals its value from you, whether it’s $100 or whatever.
The worst-case scenario with a conventional credit card is much more expensive than $100. If a cyber attacker acquires that data, they could access your personal banking and wipe your bank accounts dry or engage in identity fraud where they pretend to be you online.
Protect Your Home Network, Safeguard Your Security
These tips are all simple ways to greatly improve the security of your home network. It’s surprising how many people don’t do these things. Most cyber attacks aren’t complex, sophisticated, or Hollywood-movie-worthy.
Most of the time, cyber attackers will try easier ways to engage in cyber crime, and by following my guide, you have now made their lives much more difficult. Give yourself a pat on the back!