6 Tips for Securing Your Home Network in 2020
In recent times, workplace boundaries have expanded beyond office walls as companies worked to foster a healthier work-life balance for their team members. Telecommuting has surged globally in response to COVID-19, testing the limits of corporate networks, communication tools, security measures, and cloud services.
An operational and secure home network is key to effectively communicate, perform business functions, process sensitive information, and fend off the numerous threats that creep in cyberspace. In this blog post, I will cover a few ways you can protect your home network.
#1. Protect Your Accounts with Strong Passwords
The first line of defense is to change your router's default password, often set as “admin,” to something stronger. (Note that default passwords for many routers are publicly documented.) Check out this excellent LastPass blog post for a walk-through of how to create a strong password.
In addition, use a password manager to generate and securely store passwords. The concept behind a password manager is that you remember only one very strong password—your master password—to access an encrypted database that contains all your passwords. I must emphasize that your master password should be very strong because an attacker who has this key has access to all of the passwords in your database. Top-tier password managers include LastPass, KeePassXC, and Bitwarden. Using a password manager is not only safe and recommended by most security researchers but also convenient.
#2. Enforce WPA2
Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) are encryption algorithms used to secure wireless traffic. You should use WPA2-Personal or higher for your network and safeguard access with a strong password. WEP and WPA are unsafe. In 2005, the Federal Bureau of Investigation (FBI) cracked a WEP key in three minutes using publicly available tools. This can be done quickly because the algorithm uses RC4, a weak stream cipher. In 2009, Ohigashi and Morii executed a one-minute attack on WPA, which allows attackers to play man-in-the-middle.
Setting Your Network Security to WPA2-Personal
You will also want to change your Service Set Identifier (SSID) to a unique name, as the default name reveals your router's make and model information—a possible attack vector. Moreover, there is confusion about the effectiveness of hiding SSIDs. In almost all cases, hiding your SSID is ineffective and can even introduce security risks.
#3. Keep Your Software Up to Date
Software updates enhance the user experience by introducing, improving upon, or removing outdated features; boosting stability and performance; and patching security vulnerabilities. Below are instructions on how to check for updates in Windows, Chrome, and Firefox.
- Chrome: Vertical ellipses > Settings > About Chrome
- Firefox: Hamburger menu > Options > Firefox Updates > Check for updates
- Windows: Search > Type “check for updates" > Enter > Check for and download updates
Checking for Updates in Firefox
#4. Enable Multi-Factor Authentication (MFA) Where Possible
Multi-Factor Authentication (MFA) uses at least two criteria to validate your identity, often with a password (something you know) and your phone (something you have). This validation can also be done biometrically, such as with a fingerprint (something you are), and/or geographically (somewhere you are). If your password is compromised, you are still protected, as an attacker would need the other piece of the puzzle to gain access.
Research has found that receiving a verification code via SMS as the second factor is less secure than using an authentication app. An authentication app—such as Google Authenticator, Microsoft Authenticator, or andOTP (for Android)—is far safer.
#5. Use a Virtual Private Network (VPN)
A VPN encrypts your network traffic and, with other measures, can protect it from your internet service provider, hackers, advertisers, and governments. I recommend using a VPN at home or while on a public network—those found at coffee houses, hotels, and airports—because the traffic is unencrypted and can be read with free software.
Avoid free VPNs because some contain malware, connection speeds are poor, and worst of all—your data is likely being collected and sold. This is, in part, what we are trying to prevent. Choosing a VPN depends on your needs and threat model. You can leverage research conducted by That One Privacy Guy to find one that’s best for you. Mullvad and ProtonVPN are stellar options for general purposes.
#6. Don’t Get Hooked by Phishing Scams
The FBI predicts a rise in phishing scams related to COVID-19. Phishing is where an attacker sends an email claiming to be from a reputable source to steal information. Hackers, both opportunistic and resourceful, champion phishing because mass emails are easy to send, fake websites can be built quickly, risk of detection is low, and human psychology is easier to exploit than industrial firewalls.
The National Cyber Security Centre (NCSC) highlights five red flags of phishing attempts: authority, urgency, emotion, scarcity, and current events. The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert about these social engineering exploits, indicators of compromise, and mitigation.
Telework is now more popular than ever due to COVID-19. In response, attackers have re-strategized how they target organizations and individuals, many of which are unprepared to handle these threats. Securing your home network and devices with a strong security protocol and password, locking your devices when they are not in use, enforcing MFA, using up-to-date software, encrypting your traffic, and recognizing phishing attempts are simple ways to keep your network, and the personal and professional information that traverses it, safe.
Paul (@paulmargiotis) is the Security Engineer at SentryOne, where he writes and implements security policy, directs compliance with data privacy and protection regulations, and strengthens the organization's network and perimeter defense. In his articles, he shares insight into hardening systems and infrastructure, risk management, cryptography, and building robust processes and protocols to enhance security governance. Paul holds a master's degree in Cybersecurity, with a concentration in Network Security, from the University of North Carolina at Charlotte.