It’s easy to get complacent and to assume we are safe when in our homes or workplaces. Security issues happen to others… right?
Many people think that “no hacker would be interested in my home network.”
But everyone has something that’s valuable to attackers: personal information, bank details, financial data, perhaps even a webcam that could let criminals know when you aren’t at home, or that might let them spy on you when you are.
If you’re working from home, it’s worth remembering that for a skilled attacker it’s just a ‘hop, skip and jump’ across the network from your personal computer or connected device to your work laptop, and possibly from there to the whole company network.
You may be thinking “There’s no way that my neighbour is a hacker”, however, your Wi-Fi is likely to be accessible beyond your immediate neighbour, to those beyond and into the street. ‘Drive-by’ hacking is a real and opportunist threat.
Here are five tips for you to check, to ensure your Wi-Fi network is secure.
Tip 1: Apply those updates
‘Patch early, patch often’ is a regular mantra of security professionals, and it applies to all access points, modems and routers you use for your home network, as well as all the devices that can connect to it.
Take a moment to check when your firmware was last updated. If it’s not up to date, patch without delay.
Set your devices to automatically install updates where possible. If you discover that you are unable to update (for instance, if the manufacturer is no longer providing support), then seriously consider replacing it with a new device that is properly supported.
Tip 2: Check your encryption settings
We recommend using at least WPA2-PSK (AES) encryption, also known as WPA2-CCMP. (PSK stands for Pre-Shared Key, which is the password you need to connect to the network in the first place.)
WPA2 was first ratified by the Wi-Fi Alliance in 2004. If the router you’re using doesn’t support WPA2, upgrade to a newer model that does.
Never use WEP, short for Wired Equivalent Privacy, because the encryption system it uses was cracked completely many years ago – it gives nothing but a false sense of security.
There are still Wi-Fi routers for sale that don’t use WPA2-PSK (AES) encryption. Avoid these regardless of their cost. If your current Wi-Fi router doesn’t support WPA2-PSK (AES) encryption, then seriously consider replacing it with a new device that does support it.
Here’s a video made more than seven years ago explaining why you should choose decent encryption for your home Wi-Fi. Some older network devices don’t support anything better than WEP, so it’s tempting to keep on using WEP if your router still supports it. The smarter approach is to get rid of the old devices instead.
Tip 3: Pick a proper password
It’s tempting to use a short and obvious password so it’s easy to type in on devices such as phones, or to read out for friends who want to join your network while they’re visiting.
But an obvious password makes it easy for people you haven’t invited onto your network to connect up as well. You only need to enter it once, so a little bit of extra hassle putting in the password in the first place is worth it to make it harder for outsiders to guess the password in future.
Remember also that if you have allowed a guest to access your network but then decide that you don’t want them connecting any more, you will need to change the password to keep them out.
Tip 4: Check who’s on your network
It’s worth taking a moment to see which devices have accessed your Wi-Fi network recently. Many Wi-Fi routers have an option in their management pages, usually accessed via your web browser, that will show you which devices have connected recently.
Are there any rogue computers online? Perhaps the teenager next door is still connected from their last babysitting session? Are there any home devices such as webcams or baby monitors that you’d forgotten about or thought you’d turned off?
If there are devices accessing your network that shouldn’t be, disconnect them. Changing the Wi-Fi password will stop any unwanted devices getting back online automatically.
Tip 5: Review your IoT devices
IoT is short for Internet of Things, and it refers to devices that didn’t used to be computers in their own right, such as webcams, smart speakers and doorbells, but that now connect to your Wi-Fi network by themselves, and operate independently.
This technical article has good advice for securing IoT devices such as webcams and smart speakers. The main points are:
- Only connect devices that you really need to have online. Power down devices when you’re not using them.
- Make sure you know how to update your devices.
- Configure your devices correctly,
- Change any risky settings, such as default passwords.
- Check how much data you are sharing.
- Put IoT devices on a ‘guest’ network if you can.
- Turn on ‘client isolation’ if available.
- Make sure you know who to turn to if you have a problem.
Please don’t get complacent. The security of yourself, your family and your data is important.
By Florentino Sanchez from Sophos. Published with kind permission by Sophos
