With the world now almost as dependent on its digital wellbeing as on its physical and mental wellbeing, it’s becoming increasingly important to protect your personal information and identity when using the internet. Over the last several years, cyber threats have become more and more prominent, with 2022 being the worst year for cyberattacks we’ve ever seen, and it’s not slowing down.
In 2022, cyberattacks globally increased by 38% compared to 2021 [1]. The average cyberattack costs individuals between hundreds and thousands of dollars in ransomware attacks alone, and businesses on average are losing millions in data recovery efforts, PR, and now likely fines from the Federal Government, expected to roll out soon here in Australia. It’s not just the costs of cyberattacks that should scare you – approximately 47% of all cyber security incidents involve Personally Identifiable Information (PII) [2], including identification documents such as driver’s licences, passports, etc. Being attacked in this way can lead to identification fraud, resulting in ruined credit scores and debt that may cripple you and your family for the rest of your lives…
Despite it sounding like I’m going over the top here, we’re not even scratching the surface of what is happening around the world right now. Did I mention that cyberattacks are one of the leading military actions nations are now taking? For some nations, it’s one of their biggest exports and revenue strategies for keeping themselves afloat.
In this series, we will cover many other areas to consider in protecting yourself, your business, your friends and your family’s digital lives. To begin, I want to talk about the first access point into your home: the router and your home network.
Below is a hit-list for all families to consider to prevent outside threats entering their network. This breaks down the options available to you for securing your home network using networking best practice as well as common router features.
Please note that whilst this list is quite comprehensive and does often go into specific detail, these are simply suggestions to get started. Not all will be required for everyone and there are others off this list that would benefit others also.
The bare-minimum for all households – every network should have the below items ticked off
- Change your router’s wireless password from the default, following strong password standards (minimum 12 characters, including uppercase, lowercase, numbers and symbols). This should never be the same as another password you use elsewhere.
- Change your router’s default admin panel username/password: Use the above password standard to change the user credentials required to access the administrator panel of your wireless router. This password should be different to the one you set up as the Wi-Fi password, so that someone who already knows your Wi-Fi password doesn’t also have access to the configuration of your network.
- Change your wireless network’s name (SSID) from the default, ensuring not to include anything personal or identifiable in the name (e.g. your name, address, etc).
- Don’t write your password down somewhere in plain sight. If you want to have your password on paper to share with others, keep it in a drawer out of communal rooms of the house and out of sight from windows, smart cameras, etc.
- BYO Router: Using a provided router from your ISP brings risks as they aren’t often capable of security features and are often shipped with default passwords that can be found online. Buying a router from a reputable brand such as TP-Link, D-Link, Netgear, etc, will provide better flexibility and control of your network and will allow for the best protection. I’d recommend spending between $200-$500 on a suitable router. There are many other factors to consider, but anything in that range will have a vast majority of the features and options mentioned below that will protect your home network from a large amount of physical and virtual attacks. Get started by looking here.
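The first three items in the list above can be checked mechanically. The following is an added example, not part of the original article: it tests a Wi-Fi password and an admin password against the stated standard and looks for default or personal network names. The list of default SSID prefixes and all sample values are constructed assumptions.

```python
import string

# Constructed list of vendor-style default SSID prefixes (an assumption).
DEFAULT_SSID_PREFIXES = ("tp-link", "netgear", "dlink", "d-link")

def password_problems(password):
    """Return the ways a password misses the standard in the list above."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    return problems

def audit_basics(ssid, wifi_password, admin_password, personal_terms):
    """Check the SSID and both passwords; an empty list means all clear."""
    findings = [f"Wi-Fi password: {p}" for p in password_problems(wifi_password)]
    findings += [f"admin password: {p}" for p in password_problems(admin_password)]
    if wifi_password == admin_password:
        findings.append("admin password is the same as the Wi-Fi password")
    lowered = ssid.lower()
    if lowered.startswith(DEFAULT_SSID_PREFIXES):
        findings.append("SSID looks like a factory default")
    for term in personal_terms:
        if term.lower() in lowered:
            findings.append(f"SSID contains personal detail: {term}")
    return findings

if __name__ == "__main__":
    # Constructed sample: a reused password and a surname in the network name.
    for finding in audit_basics("NETGEAR-Smith", "Sunshine2023", "Sunshine2023", ["Smith"]):
        print(finding)
```
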
Requires a bit of effort, but can make a massive difference in the protection of your home network
- Enable a Guest Wi-Fi network: Only your family should have access to the primary network where your computers, NAS, etc are connected. Guest networks will allow for people who visit your home to access the internet but won’t have access to other sensitive local devices. You may also opt to have some home devices connected to this network such as smart speakers, TVs, etc, to allow guests to share/cast media.
- Isolate your IoT devices onto your Guest Wi-Fi network (and buy carefully): Smart devices, often referred to as the Internet of Things (IoT), can often be extremely handy to have in your house – allowing you to easily access video footage of the doings within your house from anywhere, ask an AI to turn on a kettle or even vacuum your house. However, they can just as easily be dangerous for your family’s safety, as these devices often use cheaper hardware and have poorly written firmware and software, allowing attackers to access your network from anywhere in the world. If you wish to use these devices, it’s highly recommended you only connect them to wireless networks in your home that are completely separate from any personal devices. It’s also suggested you consider which brands you purchase from, as many stories have been shared of personal data and families being exploited (including young children) due to compromised devices and irresponsible companies dodging blame. Be sure to do your research, only buy from brands you trust, and try to steer clear of devices that are cheap alternatives of known products. Also, whilst the benefits of cloud-based devices can be appealing, it’s always best to consider local-only smart devices that don’t require data being stored or accessed outside of your home network.
- Change your wireless encryption setting: Depending on your wireless router, you will have different levels of password encryption that can be defined in your admin panel. Currently for households, the latest available standard is WPA3-Personal. Before simply switching to this setting, keep in mind that not all of your wireless devices will be compatible, especially devices such as smart devices, printers, etc. You may find better success with using a WPA3-Personal Compatibility option such as WPA2/WPA3-Personal which will work with both standards. You should never set your network to WPA or no encryption (open) with devices containing sensitive data.
- Keep your router’s firmware up to date: Like your mobile phone or computer, routers can also receive security and feature updates to their firmware. It’s recommended you update the firmware as soon as a stable release is provided. You can check periodically in the admin panel for updates or check your router manufacturer’s website.
- Disable “Port Forwarding” & “DMZ”: These features allow you to open up an application or device on your network so that it can be accessed from outside your home. This is helpful for advanced users in some use-cases, but should almost never be enabled for everyday households.
- Disable UPnP: Universal Plug-and-Play allows for all devices to freely communicate with one another on a home network. Whilst in some cases this is helpful, in others it can be catastrophic, as one compromised device can then infect all other connected devices, sometimes resulting in complete personal data loss across the household.
- Disable WPS (Wireless Protected Setup): This feature allows for devices to be connected to the network by simply pressing a physical button on the router and accepting the connection on your personal device, without the need for a password. This does require someone to be inside your home to gain access; however, break-ins can occur, and if the intruder is targeting your home network for future access, this would be a sure way for them to gain it. It’s also not uncommon for savvy attackers to target this protocol for access even without touching the router, as many instances of it are buggy and have technical flaws that can be exploited.
- Disable Remote Management: Unless you require remote assistance from a professional, this should be switched off to avoid unauthorized access to the admin panel of your router
- Configure Wi-Fi parental settings: Using parental features on your wireless network not only allows you to monitor and control what content your children are consuming online, but can also prevent them accessing malicious sites containing viruses and malware, which can result in a compromised network. The schedule feature also allows you to restrict all internet access for these devices entirely. The fewer devices connected, the fewer avenues outside attackers have for gaining access to your network.
- Use Ethernet where possible: Having devices connected over Ethernet instead of Wi-Fi can be a great way to prevent thieves from stealing devices and then inheriting access to your network, as saved Wi-Fi networks are very common on many devices. It also allows you to easily monitor what is connected to your network, as it’s directly connected with a cable. These cables are very easy to find at many in-person and online retailers and are relatively inexpensive. Pick the cable that matches your budget, distances and speed requirement. Ethernet can also be installed around the home to allow for seamless use. Be sure to consult with your electrician on how to go about this and do not attempt to install it yourself.
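The router settings in the list above can be written down as a small audit and run against a copy of your configuration. This is an added example, not from the original article; the setting names, the two sample configurations and the firmware versions are all hypothetical and constructed for illustration.

```python
# Setting names are hypothetical; real routers label and export them differently.
ACCEPTED_ENCRYPTION = {"WPA3-Personal", "WPA2/WPA3-Personal"}
SHOULD_BE_OFF = ("wps", "upnp", "remote_management", "dmz")

def version_tuple(version):
    # Compare numerically so that 1.10.0 is newer than 1.9.3.
    return tuple(int(part) for part in version.split("."))

def audit_router(settings, latest_firmware):
    """Return the checklist items a settings dict does not yet meet."""
    findings = []
    mode = settings.get("wifi_encryption", "Open")
    if mode not in ACCEPTED_ENCRYPTION:
        findings.append(f"encryption is {mode}; use WPA3-Personal or WPA2/WPA3-Personal")
    for feature in SHOULD_BE_OFF:
        # A missing key counts as enabled: unknown is not the same as off.
        if settings.get(feature, True):
            findings.append(f"{feature} is enabled")
    for rule in settings.get("port_forwards", []):
        findings.append(f"port {rule['port']} is forwarded to {rule['device']}")
    if not settings.get("guest_network", False):
        findings.append("no guest network for visitors and IoT devices")
    if version_tuple(settings["firmware"]) < version_tuple(latest_firmware):
        findings.append(f"firmware {settings['firmware']} is older than {latest_firmware}")
    return findings

# Constructed sample settings before working through the list ...
BEFORE = {
    "wifi_encryption": "WPA2-Personal", "wps": True, "upnp": True,
    "remote_management": False, "dmz": False, "guest_network": False,
    "port_forwards": [{"port": 8080, "device": "camera"}],
    "firmware": "1.9.3",
}
# ... and the same router afterwards.
AFTER = {
    "wifi_encryption": "WPA2/WPA3-Personal", "wps": False, "upnp": False,
    "remote_management": False, "dmz": False, "guest_network": True,
    "port_forwards": [], "firmware": "1.10.0",
}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_router(cfg, latest_firmware="1.10.0"))
```
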
These take your protection to the next level. Whilst these can be tackled on your own, having the help of someone that knows what they’re doing is recommended.
- Disable 2.4GHz band: If your router allows it, you can opt to only use the 5GHz band for wireless connectivity, as this has a shorter range, resulting in less coverage and a smaller area of availability for attackers trying to connect from your street or in a car performing a “Drive-By Attack”. Note this may cause some connectivity issues with older devices and may require you to deploy a “Mesh” network to allow for all parts of your house to be connected.
- Add an additional router to your network for WFH devices: Working from home can be great, but can sometimes bring additional risk, as the tasks and applications you use for your occupation may be services that attackers target in the corporate space. Having a router set up only for the devices you use for working from home will add an additional layer of protection between the outside world and your family’s devices and personal data. Extra steps may need to be taken to ensure this device is as secure and undetectable as possible, such as disabling the 2.4GHz band, reducing your power output to limit the signal range even further, limiting MAC Addresses, etc.
- Enable MAC Address Filtering: Every wireless device has what we call a “MAC Address” that is associated with the network adapter on that device. These addresses are unique across the globe for every individual device, using an addressing scheme that can allow for approximately 281 Trillion unique addresses. You can use MAC Address filtering to either blacklist or whitelist devices from accessing your network.
- Disable DHCP / use Static IP addressing: Similar to the option above, you have the ability to prohibit new devices from accessing your network by disabling DHCP (the service responsible for allocating internal IP addresses to devices connecting to your network) and using only Static IP addresses on devices you wish to keep connected. Keep in mind this does require a lot of management as every new device would need to be configured manually.
- Restrict your Ethernet access: To ensure someone with malicious intent can’t simply break into your house and plug their device directly into your router to have immediate access, you can use either of the above two methods to prevent this from being an option.
- Change your internal IP Address and Subnet: Most internal networks use an IP Address / Subnet of 192.168.1.0/24, 192.168.0.0/24 or 10.0.0.0/24. Whilst changing this won’t prevent someone from gaining access, it may throw off attackers that do gain some preliminary access as they attempt to navigate the network in hopes of finding other devices.
- Enable advanced security features and “firewalls”: Most intermediate-advanced consumer routers offer additional security features and the ability to customise your network’s firewall. Consult with a network administrator or IT professional to identify if any are appropriate for your home network
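When changing the internal subnet as described in the list above, the new range still has to be a valid private range and must not clash with any other router in the home, such as a separate WFH router. The following added example, which is not from the original article, checks a proposed subnet with Python’s standard `ipaddress` module; the candidate subnets are constructed.

```python
import ipaddress

# The common defaults named in the list above.
COMMON_DEFAULTS = [ipaddress.IPv4Network(n) for n in
                   ("192.168.1.0/24", "192.168.0.0/24", "10.0.0.0/24")]
# Address ranges reserved for private networks (RFC 1918).
PRIVATE_RANGES = [ipaddress.IPv4Network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_lan_subnet(candidate, other_subnets=()):
    """Return problems with a proposed LAN subnet; an empty list means it is fine."""
    try:
        # Strict parsing rejects an address with host bits set, e.g. 10.20.30.1/24.
        net = ipaddress.IPv4Network(candidate)
    except ValueError as exc:
        return [f"not a valid network address: {exc}"]
    problems = []
    if not any(net.subnet_of(r) for r in PRIVATE_RANGES):
        problems.append("outside the private ranges, so it may clash with real internet addresses")
    if any(net.overlaps(d) for d in COMMON_DEFAULTS):
        problems.append("overlaps a common default subnet")
    for other in other_subnets:
        # For example the subnet handed out by a second (WFH) router.
        if net.overlaps(ipaddress.IPv4Network(other)):
            problems.append(f"overlaps {other} used elsewhere in the home")
    return problems

if __name__ == "__main__":
    # Constructed candidates: a default, a typo outside the private space, a good pick.
    for subnet in ("192.168.1.0/24", "192.169.10.0/24", "10.73.20.0/24"):
        print(subnet, check_lan_subnet(subnet) or "ok")
```
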
In conclusion: As the digital entry point into your home, your router and home network should be properly set up to mitigate as much risk as possible to give you peace of mind that your family are safe, but that’s not all that can be done, and it’s going to protect from many other kinds of attacks. Be sure to come back for the next installment.