Cyber Security for the Home
– By Guillermo Zepeda
The cyber threat landscape is ever changing. Threat actors constantly find ways to deceive us to try and gain access to our valuable data or bank accounts. Also, with the increased availability in home smart devices, our home networks need more security to keep our data safe from prying eyes. Here are some ways that we can secure our home network, yet still keep it functional for our everyday use.
At the core of any home network is a router. This is the gateway into your home. Some internet providers include an “All in One” device that is a cable modem and router in one. This type of device has WiFi capability as well as Ethernet connectivity. These devices generally do not provide many options for control over your network, other than some basic settings. You may want to consider purchasing your own router since these devices have more options and give better control over the network settings. Some home router brands include Netgear, Linksys, and Ubiquiti.
- Start with securing your router by using a strong password. Using the default login password would leave you vulnerable to where a bad actor can easily access the router and make changes such as adding a proxy, or a middle man between your router and the internet. This would mean that the bad actor can see all the network traffic on your network, including website logins and passwords.
- Install firmware updates on the router. Most manufacturers provide periodic firmware updates to their devices, either on their website or a built-in firmware update feature on the device itself. Keeping the firmware up to date is important so that security patches can be applied. Some devices even include an automatic update feature so these patches get automatically applied after they are released by the manufacturer. Also, it is best to replace these devices after they reach the manufacturer End-of-Life (EOL) support. Most devices have a serviceable life of about 5 to 6 years before they reach EOL.
- Secure your WiFi network by using a strong password and enable WPA2 or WPA3. All routers these days support Wifi Protected Access 2 (WPA2) and some support WPA3. WPA3 is the newest version and is designed to offer better protection for simple passwords, it also offers more protection against password guessing.
- Set up a guest WiFi network. Setting up a guest network will allow non-critical devices and guests to access the internet while not interfering with your private home network. Most modern WiFi routers have this feature and the setup is generally pretty straight forward. Keeping non critical devices, such as Ring doorbells, WiFi light bulbs and switches, and other smart devices separate from the main network is ideal. In case there is a known vulnerability with these devices, it will not affect the internal private network. Some routers can accommodate more than two WiFi networks, so you can use a separate network for guests and another for smart home devices.
- Reboot your device at least once per month, or biweekly. This will clear out any active sessions and clear out any stored data in cache memory. This will also clear out non-persistent malicious code that may have installed itself on the device.
Now that we have successfully secured our gateway, let’s secure our devices attached to the network. These devices include desktops, laptops, tablets, mobile phones, security cameras, doorbells, or other smart home devices.
- Use a secure password for the user account on your computer. If this is a shared computer, then each user would need to use a secure password. Secure passwords include a minimum of 10 characters, have an uppercase letter, a number, and a symbol. Best practice for a secure password can be a string of unrelated words put together, such as SymbolCurtainwithStars$56. It is a long password that is easily remembered but hard to guess. Always remember to not use the same password for all your logins.
- Use a password manager for web passwords and other passwords. Password managers help with organizing all your passwords for the different sites and logins you use. They are organized in separate folders or categories, customizable to your preference. There are many password managers to choose from now, including LastPass, OnePassword, or Dashlane. Each offers different plans, including a family plan and a free plan. The free plans are limited, but it is better than the built in password managers built into web browsers. These are all cloud based and sync passwords across your devices. These password managers can generate secure passwords for the sites you log into and save them. You would still need to use one secure master password to gain access to the password manager.
- Use a modern operating system and keep it up to date. Whether you use Microsoft Windows, Mac OS, or Linux, keeping the operating system up to date will ensure that all the security patches have been applied. Keeping up to date on the latest operating system is also a good idea in most cases. Using legacy operating systems that are no longer supported by their respective manufacturer leaves the system open for malware attack. Most Windows desktops that have been purchased within the last several years are capable of running Windows 11. If you prefer to use Linux, there are many distributions that offer long term support and these can run on modest PC hardware. Apple pushes out security updates on a regular basis as well. Apple releases a new operating system every year and although it is not necessary to upgrade right away, it is still a good idea to keep up with the security updates. Check Apple.com to see whether your Mac is able to upgrade to the latest operating system.
- Keep web browsers up to date. Updating Chrome, Firefox, or whichever browser of your choice ensures that it is safe from most website malware. Modern browsers have added security features that help protect confidentiality and also prompt the user when these features are disabled. Always look for that “lock” icon in the address bar to indicate you are on a secure website.
- Social media safety! Avoid posting personal information on social media sites, including LinkedIn. This includes addresses, phone numbers, places of employment, or other personal identifiable information. This can be used by bad actors to harass you or use it against you in some way. Scammers make use of this information along with pet names, the street you live, or car make and model to try and answer security questions. Take caution when receiving requests from someone you don’t know or from someone that may pose as a friend.
- Use caution when accessing public WiFi hotspots. Many coffee shops, hotels, and airports offer free WiFi for customers to use. Most of these are unsecure and no password is needed to join. These networks often have very little to no security and as such are more susceptible to malicious activity. Bad actors can be on the same network with a network scanner tool to capture all the network traffic and use it for malicious purposes. Use a personal hotspot, such as the hotspot function on your mobile device. Cellular carriers also have Hotspot devices that can be purchased on an as needed basis if you travel a lot. Most important of all, do not leave your device unattended in a public place.
- Use caution when reading emails. Phishing emails are on the rise and clicking on links can mean your login information is compromised. Microsoft is not going to send you emails to let you know about special offers. Also use caution when opening DocuSign emails; these are also a source of phishing. If you are expecting a docusign document from someone, as an added security measure contact the sender separately to make sure they sent it and it is not a phishing attempt.
- Secure your email and social media accounts with Multifactor authentication (MFA), also called Two-Factor authentication. Multifactor authentication is added security where besides needing your password to gain access, you must provide an authentication code as well. These codes can come from a text message or an authenticator app, such as Google Authenticator. This added layer of security helps prevent unauthorized access to your accounts. Always set up MFA where available.
- Use a good Antivirus solution. Antivirus software can detect when there is malicious code present in a computer in real time. Most offer layered defense, such as anti-phishing, safe browsing, and firewall capabilities. Good Antivirus solutions include Malwarebytes, Eset, Webroot, and more. These come with a subscription, and as always, keep this software up to date!
Wow, that was a lot of items to get through! Now let’s move on to securing our tablets, smartphones and other smart devices.
- Use a strong password to secure the device. Security always starts with a strong password! This will make it difficult for someone to guess the password and make changes to the device.
- Smart home devices should be used on their own network to prevent any unintended security vulnerability in these devices to affect the rest of the network.
- Keep devices up to date and use the automatic update feature if available.
- Most home assistants and smart devices have microphones and are actively listening to conversations, even if you are not using them at the time. If these devices get compromised, the bad actor can listen in on your conversations. Limit your conversations when you are near these types of devices. These can include baby monitors, Amazon Alexa, or Google Assistant.
- Install apps on smart phones and tablets from an authorized source such as Google Play Store or the Apple App store. Installing software from any other source can be a risk as this software is not tested to comply with standards set by Google or Apple and may contain malicious code.
- Use a data blocker USB device to charge in public chargers. Public charging stations are located in airports, coffee shops, and other public places. USB data blocker devices plug into a USB port on the computer or public USB charging station and transfer power only. They are designed to block any sort of data transfer to the device. This data can be malicious code that gets implanted into the device to spy or exfiltrate data. This is known as “Juice Jacking”. These devices are available on Amazon at a reasonable price.
- Cyber security awareness training is available online from a variety of sources. There are both free and paid courses. This training is designed to educate you on the various types of threats, their vectors and how to protect yourself.
The modern security landscape is always adapting to new threats. You should adapt as well in securing your network and devices against these threats. Remember that security is everyone’s responsibility!
Skyline IT Services Disclaimer: This document is intended to offer general information and guidance. It is recommended that you consult with your internal technical and / or legal team to review all details, application and / or policies before implementation or adaptation. This document is provided “as is,” without any warranties of any kind. Skyline IT Services disclaims any liability for loss or damage arising from reliance on the information contained in this document.