Home is Where the Hack Is
Don’t think your home is too small to be a hacker’s target. The recent invasion of a young girl’s bedroom through a camera system has sparked a lawsuit and some hot discussion about who’s at fault. Ultimately, you need to make you cover all the bases, and the Department of Homeland Security offers some help in making sure you know where the bases are.
DHS rightly states what we think is obvious about the two common misconceptions home users share about the security of their networks:
- Their home network is too small to be at risk of a cyberattack.
- Their devices are “secure enough” right out of the box.
Besides those misconceptions, home networks – no matter how many smart devices or dumb devices they connect – have many moving parts. In addition to cameras and smart speakers, to name just two, our networks include routers, computers, mobile devices and TVs. So, even though you may think you have a strong username and/or password for every device, there’s a possibility you can miss one key setting – or there’s a possibility that someone using your network has the weak link in your security chain that provides outside access.
The DHS checklist, which we summarize below, is a good place to start. It reiterates a lot of actions we’ve told you to take over the years, and it’s a good refresher.
- Update your software regularly. Besides adding new features and functionality, software updates often include critical patches and security fixes for newly discovered threats and vulnerabilities. (See Understanding Patches and Software Updates.)
- Remove unnecessary services and software. They can create security holes in a device’s system that could lead to a larger attack surface of your network environment. This is especially true with pre-installed trial software and apps installed on new computers. Remove what you don’t use.
- Adjust factory-default configurations on software and hardware. They’re intended to reduce the troubleshooting time for customer service. Harden them to reduce vulnerabilities.
- Change default log-in passwords and usernames. Most network devices are pre-configured with default administrator passwords to simplify setup. They’re not secure. Change them.
- Use strong and unique passwords. Choose strong passwords and don’t use the same password with multiple accounts. (See Choosing and Protecting Passwords for more information.)
- Run up-to-date antivirus software. A reputable antivirus software app can automatically detect, quarantine, and remove various types of malware, such as viruses, worms, and ransomware.
- Install a network firewall. It can block malicious traffic from your home network and alert you to potentially dangerous activity. When properly configured, it can also serve as a barrier for internal threats, preventing unwanted or malicious software from reaching out to the internet. We can help you configure them.
- Install firewalls on network devices. In addition to a network firewall, consider installing a firewall on all computers connected to your network. We can help you configure them, too.
- Regularly back up your data. Consider using a third-party backup application, which can simplify and automate the process. Be sure to encrypt your backup to protect the confidentiality and integrity of your information. Data backups are crucial to minimize the impact if that data is lost, corrupted, infected or stolen.
- Increase wireless security. Follow the
steps below to increase the security of your wireless router or ask us for help.
- Use the strongest encryption protocol available. DHS recommends using the Wi-Fi Protected Access 3 (WPA3) Personal Advanced Encryption Standard (AES) and Temporary Key Integrity Protocol (TKIP), which is currently the most secure router configuration available for home use.
- Change the router’s default administrator password to deter an attack using default credentials.
- Change the default service set identifier (SSID), the “network name” that identifies a wireless network. Make it unique and not tied to your identity or location.
- Disable Wi-Fi Protected Setup (WPS). A design flaw in the WPS specification for PIN authentication significantly reduces the time required for a cyberattacker to brute force an entire PIN.
- Reduce wireless signal strength to reduce your electronic footprint.
- Turn the network off when not in use or automatically disable the Wi-Fi at specified times to prevent outside attackers from breaching your home network.
- Disable Universal Plug and Plan (UPnP) when not needed. Recent large-scale network attacks prove that malware within your network can use UPnP to bypass your router’s firewall to control your devices remotely and spread malware to other devices.
- Upgrade firmware to enhance product performance, fix flaws, and address security vulnerabilities.
- Disable remote router management to guard against unauthorized individuals accessing and changing your router’s configuration.
- Monitor for unknown device connections to monitor for unauthorized devices joining or attempting to join your network. Also see the manufacturer’s website for tips on how to prevent unauthorized devices from connecting to your network.
- Mitigate Email Threats. Phishing emails continue to be one of the most common and effective initial attacks. They prey on the human element – the weakest component in every network – by persuading a user to click on a link or open an attachment.
All the steps you can take are common sense, but they’re often overlooked in our hurry to get a new product or feature online. The hacker looks to exploit momentary carelessness. We can review your home or office network with a security assessment and help you implement any of the steps in this checklist. Call us – 973-433-6676 – or email us for an appointment.