Do you or your team work from home? Considering your business data is now accessible from all of those places you should ensure that each one is secure. Now you don’t just need to take our word for it, the NSA recently published their own document on how to secure your home network.
Here’s the breakdown of their conclusions and how to protect data on your home network. This is good advice, and you can use this as a checklist for how to secure your network even if you don’t work from home.
9 no cost ways to secure your home network
- Use Strong Passwords
- Change your default password
- Update Firmware
- Enable Encryption
- Enable a Firewall
- Disable Unused Services
- Secure Wi-Fi
- Create Separate Networks
- Limit Physical Access
Use Strong Passwords
Hopefully you are doing this already, but you need to use strong passwords for everything – including all the devices on your home network.
Strong passwords are ALL unique, never the same. They should be 12 characters or more, and comprised of uppercase and lowercase letters, numbers, and symbols. We always suggest a password manager to handle all this for you, creating 20+ character passwords that are virtually uncrackable.
Now that you are reminded of what a strong password is, let’s put it to use.
Change your default password
This should be the first thing you do on all new devices. Got a router from your ISP? Change the default password. Have a Wi-Fi printer? Change the default password.
Any device on your network should have a personalized password so they can’t easily be breached.
You can easily search online for router and printer default credentials and find them. That’s all a hacker needs to do to get into your home network.
Update Firmware
While you’re in the settings to change your password, go ahead an update your firmware as well. What’s firmware? It’s software in your devices that lets the hardware be used and communicate with other devices on your network. There is usually an update available since the one used in manufacturing is old by the time it gets to you. What’s in the new firmware? Usually security patches for breaches that were found. Plus they tend to implement stability patches and other improvements, so it’s beneficial either way.
Enable Encryption
Encryption encodes your data so only authorized parties can read it. Enabling it on your router will keep criminals from intercepting and reading all of your traffic.
You should use no less than WPA2 encryption, which has been supported for a very long time. The newer standard is WPA3, which is stronger and has been available since 2018 and mandatory since 2020. If your router comes from your ISP and does not have WPA3, request it from them.
Enable a Firewall
A firewall is a security gate on all the traffic coming in and out of your network. They come in software and hardware forms. If you use Windows there is a software firewall built in, make sure it is on. Typically the modem from your ISP is a combo unit, having a modem, firewall, and router all built into the same box. The firewall should be turned on by default, but double check to be sure.
I also recommend changing your DNS settings in the router for better protection. DNS is like an address book that links human readable addresses (e.g. google.com) with the IP address associated with them. Good DNS mappings will block malicious sites, so you can change your default ISP settings to something better like Cloudflare or Quad9. This will help keep you safe on the internet.
Disable Unused Services
Take a look at your router services and see if there is anything you won’t use. Many times there are services set up for convenience; media streaming, file sharing, and remote management to name a few.
If you are not going to use those features, then turn them off. They can be a back door that hackers use to get access to your network. Disabling them doesn’t lock the door, it completely removes it.
Secure Wi-Fi
Don’t take your Wi-Fi for granted, it’s probably the connection you use most for its convenience. However, that makes it convenient for attacks as well.
To secure your Wi-Fi you should change your default network name (SSID) and also disable SSID broadcast so it doesn’t show when people scan for available networks.
Your router has something called Wi-Fi Protected Setup (WPS) that allows you to add devices to your network without entering your password on every device. Turn that setting off.
You should turn on MAC address filtering, which only allows connections for specific devices based on their unique MAC address. To be honest, there is some debate about how safe this makes you as MAC addresses can be discovered and spoofed, but our recommendation would be to add it as another layer of security.
Create Separate Networks
Creating separate networks involves segregating devices to have limited access.
The first one you are likely familiar with. Create a guest network for visitors to your home, that allows them limited access so they can utilize your internet but doesn’t give them access to your devices.
If you have any IoT (Internet of Things) devices such as smart switches or thermostats in your home, place them on their own network. These devices usually have poor security and are a weak point for entering your network. If they are on a separate network, then even if they get compromised it prevents the criminal from getting to your computer and data.
Limit Physical Access
One topic that frequently gets overlooked is physical access to your devices. Typically, everybody likes to put our home routers in a centralized location so there is good Wi-Fi coverage to the entire home. That makes sense, but it isn’t secure.
Putting it in a room with limited access or inside a locked cabinet helps prevent any tampering of settings. Never put it past kids or their friends to tinker with it if they can get at it. Likewise, ensure that web access is turned off in the router so that settings can only be changes with physical access, which you just secured.
Wrap Up
These are the top highlights from the NSA home security recommendations. Do you have any questions or need assistance in implementing these changes? Reach out and we’d be happy to help.