In our ever-evolving digital world, we find ourselves working more flexibly than ever before, and, for many, home is the new office space. This new way of working leaves us vulnerable as it was not set up for cybersecurity like our corporate world previous to the pandemic. Therefore, adjustments are necessary to protect ourselves and our livelihoods. A few simple steps can be taken to secure your home network and to enhance cyber-hygiene.
1. Make a list and keep it up to date
By making an up-to-date list of the devices/technologies you have, you have a starting point of knowing what needs to be protected and what should be accessing your home network. Moreover, you can compare the known list with things that you are not aware of. For example, if something appears on your home network that you don’t recognize (is not on your list of known devices), actions can be taken. Many modern routers and wireless access points can alert you when a new device connects. This is useful as you are alerted to foreign objects connecting and can act accordingly.
2. Always have a restorable backup
Backups that can be restored are more critical now than ever before. Backing up things like the Xbox or PlayStation may not be necessary; those things can be re-downloaded. However, backing up your digital life, including your documents, photos, and other important digital artifacts that now make part of our existence. It is common to put things on the cloud and then sync it to your form of local network storage that is encrypted so that only you can access that restorable copy.
3. Install a separate network for IoT devices and untrusted devices
Having all of your devices on one network is a bad idea. It’s straightforward to separate networks so that all devices are not on the same one. Many routers now have network isolation enabled so that each port is on a separate network and offers seclusion. This means that your cheap light switch that never gets updated and is most likely to get compromised is not on the same network as the corporate laptop you work on from home.
4. Install anti-malware on your computers
Some anti-malware out there is not worth a penny, but many are still useful and work to alert you to a problem. There are many reviews and an abundance of information online to investigate. When choosing one, it’s a good idea to install it on the computers that access the Internet. This will act as an early warning system to help fight infection and, in some cases, adds an extra layer of defense.
5. Make sure you use different passwords with MFA
Avoid using the same password everywhere and use multifactor authentication (MFA) whenever possible. If you use the same password, make sure you use MFA. If you don’t use MFA, make sure your password is different on all the websites you are registered on. If you can’t remember all the passwords, a password manager is recommended, there are many good ones out there, so it’s a simple step to take.
6. Home router security
Turn off all remote access to the router if you don’t need or use it. If the router is remotely configurable, others can attempt to access it and configure it, and potentially redirect it.
Firewall: If your router supports it, make sure you have a firewall activated so that only the ports you explicitly open are allowed outbound and inbound traffic. It’s not difficult to do, and on home routers, for the most part, everything is allowed out. However, only what you require inbound needs your configuration.
Secure DNS: Use a secure DNS service. Configure a Secure DNS IP address on your router so all DNS queries are requested from a trusted and curated DNS source. Therefore, if malware were to get onto your home network, any DNS request would be blocked by the upstream DNS system.
Filter IPs: Similarly to the secure DNS, you can subscribe to secure IP, which means your traffic can be scanned at an IP level before allowing the connection; there are many reliable and secure proxy services online that can be used to provide this service. Parents who want to monitor and manage children’s connections and prevent illicit content access are now using these services.
WiFi: Have a separate WiFi for different things with isolation. For instance, for your work, have a network called work WiFi isolated from home WiFi so that your laptop connects to work WiFi and only connects to that network and cannot see devices on the home WiFi. This keeps them separate and ensures that they don’t cross-pollinate if anything gets compromised on either of the networks.
UPnP: Universal Plug and Play is a standard found on many home routers and Internet-connected gateways that automatically open a port to the Internet without the user’s technical interaction. This allows for new devices to automatically communicate outside your network without the user having to configure anything on the router. It is very convenient, but an insecure way of operating as a hacker can get some malware on your device and use UPnP to open ports for remote access automatically. Therefore, it is recommended to protect against anonymous hackers accessing your devices, to disable UPnP.
7. Disable any form of remote management that you don’t need
Many devices can be remotely managed for convenience. If they don’t need to be remotely controlled, it is best to turn off that functionality. It’s more secure to have it off than to have it turned on because if a device is reachable, there is the potential for malicious access. If you must allow access, make sure it is secure, especially if you use SSH protocol.
8. Keep all your devices updated
Using the most up-to-date version of software makes it more likely that patches have been applied, meaning any past security issues have been addressed and fixed. When buying a device, look at how often the software is updated and if there is after-sales support for the device. Any hardware that gets few or no updates is usually a security risk and should be avoided.
9. Change all default credentials
Remember the list made in step one? When logging on to the devices on that list, ensure that all the credentials are changed from the out-of-the-box defaults. Undertaking this simple but essential step means that if someone gets onto your network, they will not be able to log on with the known credentials. This is an adequate level of defense as it slows down the attacker. This should be your first step when you acquire any device you attach to your network.
10. Maintain, monitor, and update
Frequently, just like at work, you need to maintain your home network and make sure it’s properly managed. It does not manage itself. Files need backing up, restores need testing — as things change and can break, updates need applying, devices need rebooting, and connections need to be monitored to be managed. Just because you are now working remotely, maintenance does not stop — this remains an essential part but now includes your home network.
A few simple steps can be taken to improve the security and cyber-hygiene of your home network. It is not difficult but takes some discipline when first fitting it into your routine. It is important to note that nothing in security is “set and forget.” Security requires continuous maintenance and upkeep. Those who do nothing are likely to get compromised and then wish they had a restorable backup or had segregated or updated their devices. Avoid a compromise and secure yourself and your family in the new cyber-landscape.
Featured image: Freerange Stock
It very good document for home network security, nicely described each network security issues which are mostly ignored in homes network.