How to prepare a cyber-secure home office?
Just a few years ago, it was much easier to create a cyber-secure home. Most homes had only a wireless network and a couple of computers.
Today, technology has become much more complex and it is integrated with each part of our daily life: mobile devices and game consoles, or even fridges and home thermostats. All this was made even more complicated by the possibility, or rather necessity, of remote work. Here are some simple steps on how to prepare a cyber-secure home office.
How does a wireless network (Wi-Fi) work at home?
Today, almost every home network is also a Wi-Fi network. All your devices connect to the internet through this network. Most home wireless networks are controlled by an internet router or a separate dedicated wireless access point. These devices work in the same way: they emit wireless signals that are received by the devices in the house and they are connected using these signals.
Routers and access points today and in the past. What has changed?
For many years, the manufacturers of network devices had quite a loose approach to security. However, the new routers that have appeared on the market recently have built-in high-level security measures. The manufacturers pay more attention to security and reliability than ever before and they aim at creating products with software that is more user-friendly than in the past. Currently, they support many key security settings.
What threats are routers and access points exposed to?
The main source of threats for routers is, surprisingly, known devices. This may sound strange, so I’ll explain what the danger is here. A router has a list of devices that it considers trustworthy. In other words, the devices have access to the network and, through them, programs and applications as well.
If you meet basic security rules, you can minimise the risk of infecting your home network
We have a few suggestions that will help you with this:
- Make sure that all the software on your devices is regularly updated.
- Choose consciously applications, programmes, and add-ons that are installed in your browser.
- Protect your devices with long and hard-to-guess passwords, preferably different from each other. You can use a password manager, e.g. KeePass, Bitwarden, 1Password.
- Make sure your devices are protected with appropriate security software (antivirus, firewall, device encryption, etc.).
End devices are not only computers
You probably have many devices connected to your router: smartphones, laptops, or smart speakers (voice assistants).
Remember that you need to secure them all as soon as you connect them to a Wi-Fi network – then they are also connected to your router. If a device does not require it, turn the Wi-Fi access off. You won’t notice any difference in its operation and you’ll avoid unpleasant situations. Almost every day we observe new attacks on smart devices or we hear about new network worms, so it’s better for you to learn about them from portals on computer security than through first-hand experience.
The following steps will help you secure the core of a cyber-secure home
- Change the default admin password in your internet router. An administrator account allows you to configure wireless network settings. If an attacker takes over your router, they’ll likely cause severe harm.
- Make sure that only the people you trust can connect to your wireless network. Currently, the best option is to use a security mechanism called WPA2 or WPA3, if available. When this setting is turned on, a password is required to connect to your home network and, once connected, their online activities are encrypted.
- Make sure that the password used to connect to the wireless network is strong and different from the admin password. Keep in mind that you need to enter the password only once for each of your devices, as they remember it – so put some effort in inventing it.
- Many wireless networks support a ‘guest network’. This allows visitors to connect to the internet, but it protects your home network, because they cannot connect to any other device in the home network (consoles, shared folders on computers, printers, etc.). If you create a guest network, remember to turn WPA2 (or WPA3) on and create a unique network access password.
No, it’s not that your friends and family are hackers in disguise. If you let them into your home network, this means they can access files that are protected by an NDA or they can accidentally change settings, which can cause network problems. This is also another obstacle for the people who are secretly trying to access your network without your permission. Even if they manage to access the guest network, they won’t be able to take control over other devices or the router.
- The router should have the setting of hiding SSID of the main network, i.e. the name of the network that appears when end devices scan for Wi-Fi. If visitors do not see this network, they can’t connect to it. All you have to do is to know the name of this network to connect to it. If you aren’t sure about the name and you’ve turned SSID broadcast off (hiding the SSID), it will appear in router settings.
It’s good to know what devices connect to your Wi-Fi network
You need to be sure that all these devices are secure. Today, almost anything can connect to your home network, including:
- game consoles,
- baby monitors,
- and even cars.
The best way to keep your home network secure is to regularly update the software of end devices. Attackers are constantly exposing new vulnerabilities in various devices and operating systems. When you enable automatic updates on your computer and the devices connected to the internet, you will ensure that only the latest software with the newest patches is used. This makes hacking into them much more difficult.
Why is it better to disable remote access, UPnP, and WPS?
Many routers are equipped with features for easy remote access from outside home. However, think: how many times have you actually needed admin access from another place? Rather rarely if ever at all, so it is safer to disable this feature in the router’s settings. Remote access apps work just as well without these settings.
Another function you should pay attention to is Universal Plug and Play (UPnP). This makes it easy to configure the internet access of game consoles or smart TV, as you don’t have to go through multiple setup screens. On the other hand, UPnP can be also used by malware to gain a high access level to the router’s security settings.
If you have remote access and UPnP turned on, these won’t make your home network endangered straight away, but it does make it a much easier target. If it turns out that some applications and devices in the network require UPnP, you can always change the settings.
You should also think about disabling Wi-Fi Protected Setup (WPS). The idea behind WPS is good as it allows you to connect new devices with a button or PIN, but it also makes unauthorised access easier: a PIN is easier to break in the case of a brute-force attack or simple guessing than an alphanumeric password. If you don’t need WPS in your case, it’s best to just turn it off.
It is also good to update the router’s software (firmware)
What is this about? Every router runs low-level software called ‘firmware’, which essentially controls everything the device does. It also determines security standards for your network, sets out the rules for connecting devices, and so on.
Some of the more modern routers run updates in the background. Yet no matter what model you have, it’s always worth checking if the firmware is up to date. As a result, you have the latest bug fixes and security patches, and you’re protected against any known exploits.
Firmware is updated differently in different routers, but finding the required option in the settings shouldn’t be difficult. If you’re stuck for good, you can always read the user’s manual (usually found in the packaging) or search for technical support on the manufacturer’s website.
Ideally, this will be automated; you can even receive notifications on your phone whenever the firmware is updated. In some models, you have to download new firmware versions directly from the manufacturer’s website and install them manually. Nevertheless, the additional effort is worth the additional security.
What passwords should be used to make them secure?
The next step is to use a strong, unique password for each device and online account. Are you tired of generating complicated passwords that are difficult to remember and difficult to type? We know your pain. Fortunately, there’s an alternative: just use a passphrase, which is a type of password where a number of easy-to-remember words are used, e.g. ‘WhereIsMyCoffee’ or ‘IDontSendEmailsAboutPancakes’.
This way, if one password becomes compromised, all the other accounts and devices will remain secure. Are you afraid of forgetting the login details to individual systems and elements of equipment? Don’t worry, we don’t remember them either. That’s why we recommend using a password manager: a special security program where you can store your passwords in an encrypted virtual safe.
- You should use WPA2 to protect access to your router. This essentially requires that any newly connected device should be authenticated by entering a password. This is the default setting on almost every router. If it looks different for you, we suggest turning this option on. Another good practice is to change your Wi-Fi password regularly. Yes, this means you’ll have to reconnect all your devices, but this will also drive away any unwanted guests. The control panel of the router should include a list of all the connected devices; however, it may be difficult to interpret the data.
- We also recommend changing the password required to access the router itself, as many people simply leave the default settings in place. This means that anyone who knows those settings or who can guess them can also change the configuration of the router. As in the case of any password, we recommend the passphrases which are difficult to guess but easy to remember, e.g. a strong password can be ‘ILoveSecurity4Life”.
Password change settings should be easy to find in your router’s control panel. If you have a newer model, you may receive a warning that your password is too easy to be guessed or that it can be broken with a brute-force attack. Eventually, the WPA2 standard will be replaced with WPA3, which offers more set-and-forget settings, also in the context of security, but until then, pay close attention to Wi-Fi passwords.
- Finally, turn on two-step authentication, if available, especially for online accounts. Two-step verification is much stronger. It also consists of a password but adds a second step, e.g. a code sent to your smartphone or application. This is probably the most important step you can take to secure yourself online. It may sound complicated, but in fact, it is much easier than you’d think.
Creating backups is for everyone, not just for big businesses
Sometimes you can get hacked despite being careful. In such a case, the only way to recover data is to restore it from a backup. Make sure you back up important data and check if you can restore them. Remember that a good backup is a copy stored in a safe, separated place – why would you need a backup if it is stored on the same disk that is backed up?
Most mobile devices have built-in software for backing up in the cloud; computers with Windows have a similar solution. You can always copy the most important files manually, e.g. to an external drive, but this requires a very good memory and self-discipline. An interesting network solution is Network Attached Storage (NAS), which often has software for creating backups. To sum up, verification of creating and restoring backup should be an integral part of your routine for a cyber-secure home.
Security is a very broad topic and it’s easy to get lost or fall behind. Don’t be afraid to ask, clear your concerns, or just find out what the current cybersecurity best practices are.