Week 2 CyberSecurity Theme - Make Your Home a Haven

Like Most Good Habits, Good Cybersecurity Practices Start at Home


Technology is more pervasive in our households than ever before, from the ‘smart’ thermostats that allow us to manage our energy usage remotely, to the wireless LED lights that can be programmed to do many different things.  Malicious actors have increasingly targeted these devices because they are becoming widespread, and people struggle with how to configure them securely. And more than just these “Internet of Things” devices, the number of mobile devices like tablets and laptops in our homes is also increasing.  It makes sense, then, to focus on the home and try to make it a haven for online safety.

Security is the Same for All Devices on Your Network

For any smartphone, laptop, tablet or desktop computer in your home, you should follow the same advice that is typical for securing any computer.  The device’s operating system and applications should be kept up-to-date. An antivirus application should be installed, kept up-to-date, and run daily to look for malware. Laptops and desktops should have a software firewall installed; these may not be available for tablets and smartphones, but in that case, the wireless connections should be turned off when not in use.  Windows has a firewall built-in, and you should leave it on even for ‘private’ networks. Don’t connect the devices to your neighbor’s wifi, or any unknown open wifi. Be cautious with links and attachments that arrive via email, SMS, or messaging apps. If there are children in the home, take steps to secure the devices with passcodes and separate user accounts without administrator rights, or consider a parental control application, to prevent unwanted changes to the devices. You should also consider how to backup your important files and documents, in the event that your computer gets irreparably damaged from malware. A periodic backup to an external hard drive that is only connected during the backup period is a simple way. Look for something that incorporates encryption and put the drive in a secure location.

Additional Measures are Necessary for the “Internet of Things” Devices that can be Found in the Home.

First off, make efforts to buy devices from reputable, established companies. You get what you pay for – cheaper devices may be programmed with hastily-written software, or the vendor may not put out security updates in a timely fashion. Avoid directly connecting the device to the internet; the device should connect to your internal network, behind your router. Also avoid devices with peer-to-peer (P2P) capabilities, as it is extremely difficult to control what these devices connect to.  Make sure that the firmware of the device is up-to-date. This is typically done using whatever method you’d use to manage and configure the device; depending on the device, there may be a management app, or a management web portal to use with a browser. If in doubt, you can visit the device manufacturer website – most companies will announce firmware updates on their websites.  If automatic updating of the device is available, enable it. Ensure that the default password for the device is changed. Most of the time, the setup instructions will have the default password, but many people either forget to change it or don’t because they don’t want to forget it. Leaving default passwords set on devices is a huge risk, because many default passwords are just an internet search away.  If you have an option, only use HTTPS connections to the management web interfaces of the devices. (If a management app is used, this doesn’t apply.)

Special Attention to your Router is Critical to Protecting Your Home

Routers are another kind of IoT device, but because they sit on the boundary of your network and the rest of the internet, they deserve additional protection beyond updating firmware and changing default passwords.The router’s web management interface should not available from the internet. Most people won’t have a need to configure their router remotely, so enabling this is not needed. The WPS feature should be disabled, as well as the insecure connection protocols WPA and WEP. All of these can be cracked to allow unauthorized access to your network. Only use HTTPS connections to the router management interface. The default SSID name should be changed, but not to anything that contains personal information; if you don’t mind doing some extra typing when connecting to the network, you can even disable the SSID broadcast altogether.  (The network will not show up in a scan, but if you know the SSID name, you can type it in along with the password to connect.) The password for WPA2 (or WPA3 if available) should be strong, a good mix of alphanumeric and special characters, and as long as you can tolerate (10+). You should also turn off every feature that you don’t use: Universal Plug n Play (UPnP), SNMP management, port forwarding, etc. If some of these terms are unfamiliar, ask a techie friend to help you, or do some internet research – securing your router is critical to securing the rest of your home network, so get as much help as you need.

These steps represent the essentials of what should be done to secure your home router and network, but there are many other settings and configurations that can be done for those who want to do more research. If you can follow these minimum recommendations, however, your home can be your haven from online cyber threats.