Protecting Your Home Network: Reinforcing Your Home’s Fifth Wall of Security
The security measures in place for most home networks often pale in comparison to those enforced by workplaces, but as a location where you and your family spend a great deal of time, your home network must be thoroughly protected as well. To help secure your home network, consider the following advice.
Antivirus and firewalls
All operating systems—including PCs and Macs—are vulnerable to malware. Installing antivirus software is an important layer of protection, but it is important to note that no antivirus product will stop all malware. Even paid services like Norton or McAfee are not foolproof or necessarily better than free antivirus software.
Firewalls are another important layer of protection. They sit on the edge of your network and block incoming connections from unauthorized users and software. Some firewalls can also block outgoing traffic, such as a virus on your computer attempting to “call back” to its commander for instructions. Despite common misconceptions, firewalls do not replace antivirus software. Rather, they are complementary and should be enabled on both your router and your computer.
To go one step further in protecting your home network, more advanced security solutions, like an active network monitoring service that can respond to threats in real-time, can reinforce and back up your antivirus software.
Router
- Change any default router credentials. The default username and password of commonly available routers can be easily found online, so a hacker could gain access to your network simply by seeing the username on your Wi-Fi signal.
- Update firmware: Regularly update your router firmware to help protect against vulnerabilities.
- Enable WPA3 Encryption: If your router supports it, upgrading to WPA3 encryption provides stronger security than WPA2.
- Create a strong network password. Your network is identified by its SSID (a string of characters). Setting a strong password allows only users you know and trust can connect to it.
Wi-Fi
- Be alert for spoofed Wi-Fi networks. Before logging on to any Wi-Fi network (public or private), make certain that it is the correct one and not an imposter whose name closely matches that of your own network.
- Disable WPS (Wi-Fi Protected Setup): WPS can be a potential security vulnerability; disabling it prevents unauthorized devices from easily connecting.
- Turn off Universal Plug and Play (UPnP). This technology is designed for convenience. It allows devices and applications to communicate with each other without additional configuration by bypassing security controls. It is a common way for attackers to exploit your network.
- Offer a guest network to visitors. Most Wi-Fi routers allow you to create a guest network for your home in addition to your highly secured main network. Guest networks can be secured with a separate password, allowing you to connect noncritical devices of third-party users. Ask your internet service provider to help you create this network on a separate subnetwork (VLAN) in order to truly segment the two. Never share your main network’s credentials with anyone other than members of your household.
- Leverage network monitoring. Enable logging and alerts for suspicious activity, like failed login attempts or unknown devices connecting.
- Manage your Internet of Things (IoT) devices: IoT devices, like smart speakers, cameras, and thermostats, are often less secure and can serve as entry points for attackers. Regularly update their firmware, use strong passwords, and disable unnecessary features (such as remote access).
The cloud
While common cloud-based services (e.g., Dropbox, Google Drive and Box) are convenient and user-friendly, they also present serious security exposures. Avoid uploading personal, financial and other sensitive information to cloud-based services. Although these services might encrypt your files in transit, they are not always encrypted at rest, and the service provider has complete access to them. You should always enable multifactor authentication on any cloud-based file-sharing services to secure your login access.