From smartphones to smart fridges, the Internet of Things is producing more and more devices designed to be connected to a Wi-Fi network. It was expected that the average household would own 50 connected devices by 2021, up from just 10 devices the year before. With so many gadgets connected to the network, it has never been more important to increase your Wi-Fi security.
A home network can be connected in two ways:
- A wired network. A wired network is used to connect printers and scanners.
- A wireless network. The wireless network connects devices such as mobile phones and computers without wires.
Achieving better security on your home network is a big part of your overall cyber security, as intruders can exploit your Wi-Fi to install malware or create botnets, for example. It also often results in better router performance.
The basics of home Wi-Fi security
Many of the steps needed to strengthen your home network involve adjusting some settings. Each router and Internet Service Provider (ISP) will have some variation in the way you can access and change these settings, but you should easily be able to find the information you need on your ISP's website.
If you can't find the instructions online, contact your ISP directly or contact the manufacturer of your router.
1. Change the default name and password for your Wi-Fi network
The first step and one of the simplest ways to protect your Internet connection is to change the default name and password for your Wi-Fi network. Your ISP or router manufacturer will assign a preset name to your wireless network, called a Service Set Identifier (SSID). These preset names make it easy for hackers to look up or crack the default password assigned to your network.
Don't choose a name with any identifiable information - try a username generator for something completely random. Your Wi-Fi password should be a strong password that is unique and completely random, just like all your passwords. It involves symbols, characters and lower and upper case letters.
2. Turn on Wi-Fi network encryption
The latest and most secure form of wireless encryption is called Wi-Fi Protected Access 3 or WPA3. This protocol further protects your Wi-Fi network from unauthorized access by encrypting your data and making it inaccessible to hackers who don't have your password.
WPA3 has been around since 2018, so most current wireless routers come with this kind of encryption. But not all routers have it. If your router is older and doesn't support WPA3, it's a good time to upgrade to a newer model.
3. Keep your router updated
Like all your devices, your home router needs to be updated from time to time so that security holes can be patched. If you can, turn on automatic and new updates or check regularly for new security patches. You should also protect your router with a strong, unique password, which is needed to change many of the settings mentioned.
4. Use a firewall
A firewall is like a barrier between the Internet and your Wi-Fi network. All incoming and outgoing data moving between the Internet and your home network is first scanned by the firewall to protect your security and prevent malicious activity from reaching you.
Fortunately, most routers come with built-in firewall protection, but it sometimes needs to be enabled in your router's security settings.
5. Turn off Universal Plug and Play (UPnP)
Universal Plug and Play (UPnP) lets devices on the same available network, such as printers and computers, find each other and connect automatically without having to manually authenticate anything.
While this is convenient, there is a problem: UPnP cannot distinguish between a secure device and one infected with malware. UPnP is usually automatically enabled, so it's best to turn this off in your router's settings.
6. Disable remote access
Some routers let you connect to your administrator account remotely. This means you can adjust settings even when you're far out of range of your router or Wi-Fi home network.
Most people don't need this feature, and it's an easy way to increase your security. Turning this off means that a cybercriminal has to be within range of your home network before even attempting to hack it.
7. Consider using a VPN
A virtual private network (VPN) protects your online activity by masking your location and IP address and encrypting your data. By creating a secure 'tunnel' between your device and the website or service you're using, a VPN keeps your internet traffic hidden from third parties, such as hackers and your internalprovider.
Do you need a VPN? Not necessarily. Several websites use HTTPS, a web protocol that uses a strong form of encryption called SSL or TLS. And it does a lot to make the web a more secure and privacy-respecting place.
However, a VPN still has its advantages. If you do decide to go with one, do some research and make sure you choose a secure, reputable option.
8. Set up a guest Wi-Fi network
Do you often have friends and family over? If they connect to your Wi-Fi, it's crucial to set up a guest network. This separate network can be set up in your router's settings and will prevent anyone from exposing you by using an infected device or accidentally downloading a virus while on your Wi-Fi.
The guest network acts as a new access point to your router, keeping your home network and all devices connected to it separate so that only you have access to your network.
You can also set up a guest Wi-Fi network to keep some of your own devices separate. Some Internet of Things (IoT) hardware is less secure than a computer or smartphone and much more vulnerable to hacking.
You can use a guest network to connect devices that don't hold as much sensitive data, such as smart appliances like refrigerators. If a hacker found a way to hack one of your IoT devices, they would only have access to the guest network - not what your laptop, phone and other devices with personal information are connected to.
9. Turn off Wi-Fi Protected Setup (WPS)
Wi-Fi Protected Setup (WPS) is designed to simplify connecting to a Wi-Fi network - which unfortunately makes it easier to hack. With WPS, anyone can connect using a short PIN or by pressing a physical button (Push-Button-Connect) instead of a password.
In the end, these options are only slightly more convenient and much, much easier for a cybercriminal to exploit. While it's unlikely that someone will break into your home and press the WPS button on your router, an eight-digit PIN won't take long for a hacker to crack with a brute-force attack.
If you want to keep your network as secure as possible, it's best to turn WPS off completely. WPS is usually enabled by default, so be sure to disable this as soon as you can.
10. You need to enable MAC address filtering
Every device you own comes with a unique "media access controller" (MAC) address that identifies it on a network. Normally, a router will allow any device to connect - as long as it knows the appropriate password.
With MAC address filtering, a router will first compare a device's MAC address against an approved list of MAC addresses and only allow a device onto the Wi-Fi network if its MAC address has been specifically approved.
Many routers allow you to configure a list of allowed MAC addresses in its web interface, so you can choose which devices can connect to your network.
It is possible to spoof MAC addresses in some cases, but using MAC filtering still provides an extra layer of protection.
11. Give your router a new IP address
Modern routers have default IP addresses and they are easy for hackers to find. Some IP addresses are even on the web.
You can go to your router's admin panel and search for network settings or LAN/DHCP. Change your IP address and store it somewhere safe.
It should be enough just to replace a few numbers in the address. Once changed, use the new address to access your router settings.
Final thoughts about your network
As smart devices become more and more a fixture in your home, it's time to get very serious about your Wi-Fi security so you can protect your network. IoT gadgets can be fun and incredibly useful, but if you're not keeping an eye on how and what you're connecting and whether it's a secure connection, you're putting yourself at risk.
Investing the time to strengthen your Wi-Fi home network will give you the convenience, security and peace of mind you need to make the most of an increasingly connected world.
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master´s degree in Danish and a great interest in cybercrime, which resulted in a master thesis project on phishing.