Private family pictures and photographs. Sensitive financial information. Important software and devices that you and your family count on every day. If someone breaches your network security they can compromise all of these things. Have you taken the steps below to protect your home network?
I’ve broken these tips down into three categories:
- Basic Tips. These you can do easily in 10 minutes or less, and don’t require much technical knowledge
- Intermediate Tips. These may take a day or so to set up or research, but don’t require deep technical knowledge.
- Advanced Steps. These will take some time to design and implement. You may need technical help implementing these.
Update the firmware on your router
Your router (and the firewall in it) is your primary defense against hackers penetrating your network. As I mentioned here, having an old router and/or a router with old firmware on it is a big security risk. New vulnerabilities are discovered all the time, and you want to make sure that your router has the latest protections. Routers are set and forget type devices for most people, but if your router is no longer receiving updates, you should consider replacing it as it may be too old.
Make these changes to your router settings
This may seem basic but make sure to log in to your router and check that:
- Remote access (from outside your network) is disabled. You want to restrict the ability to log in and change your router settings outside your network. You only want to be able to configure your router from your home network (or even only from specific computers, but that’s a more advanced topic).
- Your firewall is enabled. This should be the default, but you’ll want to make sure!
- You have a strong password for logging into your router. Change the username if you can.
Change your home wifi password
Please tell me your wifi password isn’t the default (and that you have one and have security turned on for your wifi network). Implement a strong password for your wifi network and change it every so often, especially if you have neighbors that are in the range of your wifi network.
Keep your Antivirus/Firewall programs up to date
While your router firewall is your primary defense for your network, a strong antivirus and firewall program running on your computer is the primary defense for your computer. Most malware comes from sites users interact with, not from hackers getting into your network. Protect the computer from yourself by making sure it has the latest protections your firewall and antivirus program provide.
Encrypt your hard drive
This is especially important for mobile devices like laptops, tablets, and mobile phones. If these are lost or stolen thieves can easily access the hard drive without knowing the login information for your device. Encrypting the hard drive makes it much more difficult for thieves to access your sensitive data, even if they have physical access to your device. If encrypting your entire hard drive seems too drastic, or like too much work, you can encrypt just the sensitive files you want protected.
Set up regular backups
Although not a direct protection against a network breach or computer infection, having a backup strategy can save you from catastrophic loss of data if there is a breach, or even if hard drives or computers fail. There are many options for backup including backup to a separate hard drive and remote backups.
Set up a guest network
I discussed this in enough detail in my wifi troubleshooting article. You need to protect your network from guest devices (in case they are compromised) and not give out your regular wifi password to guests.
Secure your network from IOT devices
If you have not segregated your Internet of Things (IOT) devices from the rest of your network you are at the mercy of notoriously insecure devices (webcams, smart speakers, smart bulbs, etc.) remaining secure. There are a few different ways to do this and some of these ways are very difficult and take some maintenance. Check out how I did this using TP-Link access points.
Monitor your network for unknown/new devices
Do you know all the devices that should be on your network? Do you occasionally check your network to see if unknown devices have connected? Ideally, your router allows you to monitor the devices connected to your network. Even better would be your router alerting you when new devices connect to your network. Most routers don’t have that function, but you can use software that scans your network for devices and send alerts. There are free and paid options for whatever OS you run.
Monitor your logs for breaches
This takes tip #9 even a step further. Network professionals often send the logs of all their machines to one location for analysis. One part of their analysis is to detect intrusions. There are many free options and paid options out there for doing this, such as Splunk, Logagent, and even rsyslog. I personally use Graylog2 to centralize my logs and alert me when there are too many password failure attempts, unknown machines logon, and other security concerns. Here are 5 other reasons I centralize my logs.
Implement malware prevention and detection at the network level
You can actually process incoming Internet traffic for your home network and filter out malware and known hackers. This is another feature that some higher end routers and router software have, like pfSense. I use a few of pfSense’s features for malware detection, an intrusion detection system (IDS), and blocking known bad actors from accessing my network. The easiest way to do this to buy a router that has these features. Look at the router section of my top picks for common household tech page for some routers that can get the job done.
I hope these tips are helpful to you. Make sure you’ve implemented the basic tips right now! Then work your way through the list to protect yourself.
Do you have any other important home security tips? Share them below. Subscribe to my newsletter to receive more important network security tips and information on how to implement them.