In your typical office environment, ensuring the network runs smoothly is usually someone else’s job. We are used to ringing up the IT help desk to report a network connectivity problem or request assistance with hooking up a device to the internet.
However, with more of us working from home than ever before, we are having to rely on our personal Wi-Fi connections – wireless home or mobile Wi-Fi solutions – and provide our own IT support. With the growth of smart homes, there are many more devices e.g., speakers, lights, TV, security cameras to think about.
But what about security? Have you protected your home or mobile Wi-Fi network from casual eavesdroppers, neighbours looking for free internet or cyber-attackers? If you have not, it doesn’t take much time to go into your device settings, tweak a few things and prevent unauthorised access to your personal network.
Does the thought of diving into your network router settings sound scary? If that’s you, perhaps you can get help from a tech-savvy friend or neighbour. Below we share some basic steps to follow to protect your personal Wi-Fi network.
Note: In this post, we refer to wireless home networks and mobile Wi-Fi as a personal Wi-Fi network.
How can I access my network router settings?
Many modern routers allow you to do this by typing in an IP address into a web browser e.g., http://192.168.1.1 or http://192.168.0.1. In some cases, you might be able to download an app from your provider which connects to the device. Check your device manufacturer’s documentation if you’re in any doubt.
Step 1: Change your default network router password
Imagine turning on your laptop, tablet or smartphone, attempting to load a web page or launch an app and receiving a ‘network error’ message. You check your settings and find that your personal Wi-Fi is no longer listed. You shut down and restart your network router multiple times without any success. Frustrated, you ring up your Wi-Fi provider for assistance and after some troubleshooting, you receive the news that your personal Wi-Fi device has been hijacked!
How? The hijacker may have figured out your router’s default Wi-Fi username and password (or that there is NO password at all!) which allows them to log-in to the administrator console of the device. Once the attacker gains access to your settings, they could reconfigure your network and in the process, lock you out, add your router into a botnet or simply connect to enjoy free internet.
To protect your personal Wi-Fi network, take a moment to change your password (and username if possible) from its default setting. Remember to choose a strong password.
Step 2: Change or hide your default network name
This is more obscurity than security but is still worth doing. Your Wi-Fi router typically creates a network with a default and unique identifier (service set identifier or SSID) assigned by the provider.
You’re likely to be able to identify which providers are serving your neighbourhood by doing a simple search for Wi-Fi networks around you (for example, in the UK you may find VM = Virgin Media, BT = British Telecoms, SKY = Sky Broadband etc).
Why is this important? An attacker searching for networks to compromise may be able to deduce the make and model of your router as a prelude to an attack. If you haven’t enabled other security settings, your router may be easier to compromise once the attacker knows the model.
Go to your router settings, look for the SSID setting and change the default network SSID. You can also hide it all together to prevent it from being publicly broadcast (just make sure you remember what the network is called). But most importantly, change your router admin password and turn on encryption (see next step).
Step 3: Turn on wireless encryption and create a strong key
Encryption protects your network from eavesdroppers and unauthorised access. By turning on encryption, devices will need a secret key (usually a password/passphrase) to connect to your router.
If you haven’t done so, log-on to your router, find the security settings and look for the types of encryption available. Currently, WPA2 is the most secure encryption recommended for your personal Wi-Fi network. If your router does not have WPA2, you might have an older model and an upgrade may be required if you want more security.
If you have a password manager, generate a new token and replace the default key, password or passphrase that was supplied by your network provider. It is good practice to change this frequently, especially after you may have shared it multiple times with visitors.
Step 4: Enable MAC address filtering
Network-ready devices such as smartphones and laptops have a unique physical address called a Media Access Control (MAC) address. You could further protect your personal Wi-Fi network by explicitly permitting specific devices to connect (and deny others) based on their MAC address.
Begin by making a list of the MAC addresses of all personal devices you wish to connect or deny access.
Log-on to your router administration console.
Go to your security settings and find and enable “MAC Filtering” (if disabled by default).
Create rules using the MAC addresses of the personal devices you collected earlier.
Step 5: Disable router features you don’t need
Remote administration access to your home network router whilst you’re away is not a feature that most regular users will ever need to use. However, this feature exists on many modern wireless internet routers.
This should be disabled by default. Unless you know exactly what you’re doing, it should stay that way in order to avoid introducing unnecessary security risk to your personal network.
Other features to consider disabling include Universal Plug and Play (UPnP) and Wi-Fi Protected Setup (WPS). These are features that could be misused if there are compromised devices on your network.
More tips on how to protect your personal Wi-Fi network…
On a final note, while protecting your personal Wi-Fi network begins with your network router, remember that all the devices that connect to your network could also provide entry routes to attackers if not adequately protected. Keep your devices updated with the latest firmware and security patches and practice good password hygiene.
When it comes to protecting your personal Wi-Fi network, there’s always more you can do. In the next article on this topic, we will explore a few reasons why you should consider creating a separate network from your personal Wi-Fi.