Your home network is a possible treasure trove for cyber attackers:
- You do your online banking on your phone or PC.
- You have credit card credentials stored in your smart TV and your video game consoles.
- Google Home and Amazon Echo devices are recording the audio in your home and likely have cameras, too.
- Your TVs, PCs, phones, stereos, and various “smart” devices contain CPUs that can be exploited to mine cryptocurrency.
- They can also be exploited as part of a massive botnet to perform more attacks.
If cyber attackers penetrate your home network, you could lose your privacy, your online identity, and money from your bank account. Your various devices may slow down, but you may notice no indication that the bad guys have compromised your comfortable home.
How to Secure Your Home Network
Popular TV shows like Mr. Robot describe super sophisticated cyber attacks and advanced “hackers.” But most of the attacks that your home entertainment and computing devices face are easy to prevent. More importantly, you don’t need a degree in computer science to improve the security of your home network.
I’ll make the knowledge that you need simple to understand and implement.
1. Buy Only the Gadgets You Need
The first step in securing your home network might surprise you. It starts when you browse Amazon or Best Buy for new toys. Smart devices like Amazon Echo, Google Home, Ecobee thermostats, and “smart” toys are all the rage these days.
The possibility of getting weather forecasts simply by saying “Okay, Google, what’s the weather like?” or being able to look at your security cameras from your phone when you’re away can be irresistible. But those are all Internet of Things devices, or IoT for short. They introduce new internet-connected interfaces to your home.
Each of those new interfaces expands the cyber attack surface of your home network. The more interfaces you have, the more vectors you have for the bad “hackers” to get in. So consider the risks of new devices before you buy them.
I personally have very little in the way of IoT tech in my home. I have a “dumb” TV, but it operates as a display for my PS4, PS3, and Raspberry Pi-based Retro Pie console. Those consoles are all internet-connected, and my PS4 also has a PlayStation Camera that could be intercepted to watch me while I’m in my bedroom.
Aside from my router, those are all the internet-connected devices that I have. To minimize the risk they bring, I usually connect them to a separate guest Wi-Fi network. Most routers allow you to create one via settings as well as assign it a unique name and password.
The benefit of using a separate network is that it keeps your IoT gadgets isolated from your main devices. So if a cybercriminal somehow manages to hack into your smart speaker or thermostat, they can’t turn it into an entry point for your laptop or smartphone, keeping your sensitive information safe.
You could choose to cover your home in Google Home speakers and deploy internet-connected security cameras or whatever you want. Just keep in mind that those could be new means for cyber attackers to interfere with your life, and harden your security accordingly.
2. Check Your Router
If you have a wireless router, you probably have a WiFi signal broadcast throughout your home that devices can connect to wirelessly, such as phones, tablets, laptops, video game consoles, smart devices, you-name-it.
That internet connection through cable, Ethernet, and WiFi connects your home to the rest of the world. But it’s also how cyber attackers get in. The next course of action is to do the basic things you need to do to secure that source.
It’s unlikely that a cyber attacker will intercept your internet connection physically. Chances are if they want access to your internet connection, they’ll look for your WiFi.
Your router assigns a default SSID (a way of naming WiFi signals) and a password to your account. If you’re using that default SSID and password, you have a seriously dangerous security vulnerability in your home network and must fix it right away.
The default SSIDs and passwords associated with the device model of your router and your internet service provider are easy to find on the internet. They make it easy for cyber attackers to learn what brand of device you have or who your ISP is, plus give them an idea of which default passwords to try.
Your SSID should be unique, and your password should be complex. You may be tempted to change your SSID to “Police Monitoring Van,” but the novelty of those jokes has long worn off. Be more original. My boyfriend’s SSID is related to the name of his record label. My home router SSID is a pun related to my nickname. Try something fun and different.
Passwords should be as many characters as possible, with a mix of upper and lowercase letters, numbers, and symbols.
Source: TechTarget.com
Follow the instructions included with your router to change your WiFi SSID and password. If you’ve lost them, don’t worry. Open a web browser on your home PC, and try any of the following in the address bar:
One of those addresses should lead to a console where you can change your router’s settings.
Your router may also have some extra features, such as UPnP or WPS. If you aren’t certain that you’re using those features, disable them from the same router settings console you used to change your SSID and password for your WiFi. Both are extra ways for cyber attackers to penetrate your home network, so leave them off unless you need them.
Regarding WPS, network security expert Michael Horowitz says:
“This is a huge expletive-deleted security problem. That eight-digit number will get you into the (router) no matter what. So a plumber comes over to your house, turns the router over, takes a picture of the bottom of it, and he can now get on your network forever.”
It’s also pretty easy for a cyber attacker to crack your WPS from an app on their phone.
According to Horowitz, UPnP is also terrible.
“UPnP was designed for LANs, and as such, it has no security. In and of itself, it’s not such a big deal. (But) UPnP on the internet is like going in for surgery and having the doctor work on the wrong leg.”
While you’re at your router’s console in your web browser, see if there’s a section where you can check for updates for your router’s firmware. Your router should automatically install new security patches when they become available. It’s quite possible that your router’s firmware isn’t getting updated, which leaves terrifying vulnerabilities that a cyber attacker can exploit.
You can check the vendor’s support website to see if any updates are available for your specific router model. Router manufacturers often spring into action after the outbreak of a significant attack, reviewing their firmware code to ensure their hardware is not vulnerable to the new threats. If they find any weaknesses, a security patch is released immediately, which is why you need to be on the latest firmware.
Many routers also have features that simplify remote access from outside the home network. Unless you require admin-level access to your router from another location, you can disable these features to minimize the risk of intruders remotely tampering with your equipment.
This can be done by opening the router’s main interface and looking for the Remote Administration or Remote Access option. Although most routers have it enabled, it’s worth doing an extra check. P.S. If you find that some apps and devices on your network require remote access, you can always go back and enable the feature temporarily before disabling it again.
And when you’re looking for a new router, find one that supports the new WPA3 encryption standard. WPA3 offers stronger password protection than older standards like WPA2 by using Simultaneous Authentication of Equals (SAE), a security protocol that prevents offline password cracking by forcing hackers to interact with the network in real time.
If WPA3 is not available on a router, your next best option is WPA2 AES (aka WPA2 PSK). This standard uses the same encryption algorithm used by financial institutions and governments to safeguard sensitive data, i.e., Advanced Encryption Standard (AES). AES is a step above the Temporal Key Integrity Protocol (TKIP) used in older WPA/WEP encryption standards, which was susceptible to packet injection and key compromise.
Using the latest standards ensures your network is ready for better security protocols and new devices as they emerge.
3. Get a VPN
If you’re a smart reader of The Best VPN, you probably have a VPN, too. A VPN routes your internet traffic through an extra layer of encryption. A good VPN, when properly configured, will greatly improve the security of your home network and make it a lot more difficult for cyber attackers to intercept your internet use.
If you don’t have a VPN set up yet, or if you’re considering changing your VPN provider, The Best VPN is a great source of independent and objective reviews to help you choose the best.
The best VPN providers have apps for your PCs, phones, and tablets that make everything easy to use. VPN software can also be configured on the router to secure all devices on your home network. No individual installation required.
4. Configure Your Firewalls
A firewall is an interface that controls how internet signals enter and leave your home network. Firewalls come in both hardware and software forms. Chances are that your router has a firewall, and your Windows, macOS, and Linux operating systems have firewalls, too. These firewalls usually work by blocking the internet ports you don’t use and filtering the internet ports that you do use.
These ports are what we refer to as the TCP/IP stack. Internet services often have associated TCP/IP ports that act like numbered doors on your network. Each online service uses a specific door, and a firewall locks the unused doors to keep intruders out. For instance, you access the web through ports 80 and 443 and the PlayStation Network through ports 3478-3480.
Most routers have a network firewall enabled by default, but rather than making an assumption, check if yours has it enabled by taking these steps:
- Log into the router’s admin page by typing 192.168.1.1 or 192.168.0.1 in a web browser
- Look for the section named Firewall or Advanced Settings (in some routers, it’s simply named Security)
- If the toggle for the firewall protection isn’t enabled, you can turn it on by moving it towards the right
A firewall acts as a one-way barrier that blocks outside access to your network while allowing your devices to connect outward. If your router doesn’t have one, make sure your system’s firewall is enabled and consider upgrading to a modern router that includes built-in security protection.
HowStuffWorks has an excellent article on how firewalls work with easy-to-understand information that should help you configure your firewalls properly, even if you’re a total layperson. Which ports do you use? You’ll be able to figure it out.
As I said, block the ports you don’t use and filter the ports you do use. Remember I mentioned that each new internet-connected device in your home network is a new way that cyber attackers can break in? The same applies to TCP/IP ports.
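One way to answer “which ports do you use?” on a Linux PC, as an added example that is not part of the original article: it reads the kernel’s table of TCP sockets, lists the ports that are listening, and reports the ones reachable from other machines that are not on your list. It covers IPv4 TCP only; the sample table and the `ports_in_use` list are constructed assumptions, and the address decoding assumes a little-endian machine such as a typical PC.

```python
import ipaddress
import socket
import struct

LISTEN = "0A"  # state code for a listening socket in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003 1
   3: 0A01A8C0:D2F0 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20004 1
"""

def parse_listeners(text):
    """Return sorted (ip, port) pairs for every socket in the LISTEN state."""
    found = set()
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # established or closing connections are not open doors
        hex_ip, hex_port = fields[1].split(":")
        # Assumption: little-endian host, so the address word is byte-reversed.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.add((ip, int(hex_port, 16)))
    return sorted(found)

def unexpected_exposed(listeners, ports_in_use):
    """Listeners other machines can reach whose port is not on your list."""
    return [(ip, port) for ip, port in listeners
            if not ipaddress.ip_address(ip).is_loopback
            and port not in ports_in_use]

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE  # not on Linux: fall back to the constructed sample
    # Hypothetical list of ports you deliberately serve; edit it to match your PC.
    for ip, port in unexpected_exposed(parse_listeners(table), ports_in_use={22}):
        print(f"{ip}:{port} is listening but not on your list: close or block it")
```

A port bound to 127.0.0.1 is only reachable from the same computer, which is why the check ignores it.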
5. Don’t Forget the Antivirus
Each device in your home network that can have an antivirus installed on it should have an antivirus installed on it. Malware on your phone or PC can be a means for cyber attackers to attack the rest of your home network.
Your Android malware could be a way in for a cyber attacker to watch your baby on your baby monitor or control your Ecobee thermostat.
I work for an antivirus company, so I won’t recommend anything specific. Instead, I’ll direct you to AV-Test.org. Just as The Best VPN does independent VPN provider reviews, AV-Test is an excellent source for independent third-party reviews of antivirus software.
They list their reviews per operating system, such as Windows, Mac, and Android. Use their advice to choose the best antivirus software for all of the PCs, phones, and tablets in your home network.
6. Tie Up All the Loose Ends
Remember how I mentioned that my PS4 has a PlayStation Camera? I use it with my PSVR device. When I’m not playing a VR video game, I disconnect my Camera from my PS4.
Laptops often have built-in webcams, and you may also have cameras for your Google Home or Amazon Echo, or as a separate peripheral connected to your desktop PC. Disconnect all cameras or cover them with duct tape when you’re not using them. It’s also a good idea to disconnect your Google Home or Amazon Echo speakers when you’re not at home.
By disconnecting or covering cameras and speakers in your home network when you’re not using them, you’re making it more difficult for cyber attackers to watch or listen to you in a space that should be private. There are lots of malware and man-in-the-middle cyber attacks that can grant the bad guys a way to violate your privacy.
My advice is to reduce your “cyber attack surface” in every way that is feasible.
Credit card and personal banking credentials are also highly attractive to cyber attackers. Sometimes people store this sort of data in their smart TVs and video game consoles. My advice is to use your credit card as infrequently as possible.
If you have services that you pay for, such as Netflix, Hulu, Amazon Prime, PlayStation Network, Xbox Live, or Spotify, you can often pay for them using gift cards.
Alternatively, there are credit card gift cards you can use to pay for most online services. Use gift cards as much as possible. The worst-case scenario with a gift card is that a cyber attacker steals its value from you, whether it’s $100 or whatever.
The worst-case scenario with a conventional credit card is much more expensive than $100. If a cyber attacker acquires that data, they could access your personal banking and wipe your bank accounts dry or engage in identity fraud where they pretend to be you online.
Protect Your Home Network, Safeguard Your Security
These tips are all simple ways to greatly improve the security of your home network. It’s surprising how many people don’t do these things. Most cyber attacks aren’t complex, sophisticated, or Hollywood-movie-worthy.
Before I sign off, here’s another simple tip: turn off your router when you’re not at home. For example, you don’t need it active when you’re outside doing groceries or going for a run. Disabling your home network equipment reduces the chances of hackers breaking into your home network while also minimizing the odds of your router getting damaged from power surges.
Most of the time, cyber attackers will try easier ways to engage in cyber crime, and by following my guide, you have now made their lives much more difficult. Give yourself a pat on the back!