Data breaches and unsecure networks are serious business. When a gigantic corporation like Yahoo or Home Depot can’t prevent unwarranted access to its data, what hope does a private citizen, armed with a router and a cheap spyware program have to protect their valuable information? Last year, data breaches reached an all-time high. According to the Identity Theft Research Center, data breaches were up 40% last year, after a record high in 2015. Hacking, skimming, and phishing attacks are the most common, which can easily morph into identify theft and personal information leaks that reveal your social security information, tax returns, and bank account information.
Another recent development is unauthorized users hacking into your Wi-Fi to use the signal for their own nefarious purposes, like sending email and hate mail through spam accounts, or downloading illegal bit torrents or, in some cases, illegal hamster trafficking (okay, I made that last one up). Additionally, hackers locking on to your wireless signal (also known as piggybacking, although it’s a lot more dangerous than that innocuous kids game) can cause other problems, like severe slowdowns in your connection speed.
Scary? Yes. Preventable? Mostly. Other studies show that almost 79% of home users don’t secure their network, or secure them so haphazardly that hackers find them easy pickings. Are you one of those? Don’t worry—there are simple steps to locking down your Wi-Fi, and even some more complex ones that will ensure a great deal of privacy on your networks. Let’s look at home networks first.
At Home
Your home Wi-Fi network should be a safe and secure haven for your private data. Providing your network with speedy and reliable connections, it should be the last place you worry about intrusive breaches and prying eyes. It should be a nice, green, calming gondola set in the middle of a lush green park, surrounded by children and puppies and butterflies.
In fact, your home router is more like a seedy bus terminal in the middle of a downtown war zone. A lot of creepy people can hop on your bus at any time, using fake IDs and stolen tickets and, once in, they can do whatever they want. They can even drive the bus, if you didn’t lock it down. Nobody wants that. Nobody wants some stranger driving their bus. What can you do to prevent this from occurring?
Change That Password and Username
Continuing the analogy, there are many ways to prevent strangers from finding the keys to the bus. The most common is the use of passwords to hide the keys away. The problem is that some passwords are not changed when you buy a new bus (sorry, router, even I’m getting confused here). It’s easy for those in the know to guess your username is ADMINISTRATOR and your password is blank. So, the first thing you should do is change the password to something a little more formidable.
Make the Password Great Again
If you want to keep prying eyes off your data, consider a stronger password. Using your pet’s name is easily discoverable, especially if you have that name sewn on your sweater (no judgment calls here). A strong password uses an alphanumeric base, with both capital and lowercase letters, numbers, and even symbols. Make sure you write it down and keep it somewhere accessible (though not in your wallet or purse; if you lose those, the thief now has a way to get into your network at home, as well as drive your car around).
Don’t Spread SSIDs
The SSID (server set identifier) of a new router is almost usually always the router manufacturer (Belkin, Linksys, etc.), and sometimes includes the model number. This makes it much easier to find your model and look up any vulnerabilities to your specific router. Don’t give a stranger that much information. Change the SSID to something you can identify while keeping it generic. Never use your family surname for the SSID. That’s one more bit of information identity thieves don’t need to have. Another good tip: turn off network broadcasting in your router settings so that no one can automatically see what your network is. The number one reason most people don’t do this—they themselves cannot see the SSID, and wrongfully assume the router isn’t working. The caveat to this is that there are tools that can find wireless networks that aren’t broadcast, like insider. This step just makes it a little more difficult.
Tales from the Encrypt
Encrypt your router. Every modern router has an encryption option: navigate to your router’s settings (most routers use the 192.168.1.1 setting, which you access through your browser). From there, go to WPA-PSK, click on AES encryption and then enter a password key. Every device that logs on will need that key, so make it strong, but make it memorable so that all with access can easily connect. Password-cracking software can figure out weak keys by running an extensive algorithm. Something long (at least ten characters) is much harder to crack.
Use Guest Mode Carefully
Another great option on some routers is to use Guest Mode to let others in your household use the Internet while keeping them out of your inner network. The router may use the guest mode to create a separate Wi-Fi network with a separate password or passphrase to allow access. But you should still be judicious in assigning out a guest network. Just because they have a separate login, they’re still creating an open connection to your network. And that can let someone in without encrypting your data.
Watch Router Placement
Seems silly, but be careful where you place your router. A router placed in a basement away from the central computer or devices it serves may seem inconvenient, but a router placed near your kitchen window may broadcast your Wi-Fi signal outside your home, making it tempting for others to latch on to.
Filter Mac Addresses
Like SSID broadcasting, this is another area where a dedicated hacker can still find a way in, but it doesn’t hurt to make it harder for them. MAC addresses are physical numbers that correspond to devices that use your Wi-Fi signal. Every time a device connects to your router, it leaves a footprint—a MAC address or number that is unique to that device. You can go into your Wi-Fi settings and tell the router to only allow specific MAC addresses to connect. This is known as MAC filtering. There are pros and cons to this. The pro is that you can easily see what devices are connected (most router settings let you rename the device connected, so when you find the MAC address for your tablet or smartphone, you can rename it My Tablet or My Smartphone and easily see what’s connected). This also lets you see what devices you didn’t allow, and deny them access. The cons are that if someone finds the MAC address of even one of those devices, they have an instant tunnel into your network. And there is software, like Nmap, that lets you sniff out MAC addresses.
Most Important—Upgrade Your Router’s Firmware
This is one that most people don’t remember. A router’s firmware is a significant line of defense against hacking. A new router won’t necessarily be configured to ward off recent threats. So, when you get notified that there is a firmware upgrade, use it. In most cases, a firmware upgrade improves the product’s effectiveness, wards off recent threats, and fixes certain security loopholes. It’s an easy and foolproof way to help keep hackers at bay.
I didn’t get a chance to touch on Wi-Fi security for mobile devices, including how to secure yourself in public Wi-Fi spots and how most whole home Wi-Fi systems have better Wi-Fi protection for families, but not as stringent or as customizable as strong routers. Until then, drive your bus with confidence, and keep the doors shuttered with these tips.
11 Comments
Gotta say I and others may need a primer on what this is all about. read the article. All greek to me.
I love it when a hopelessly insecure padlock is used in an illustration for a security article. With instruction, practice and a couple pieces of bent metal, a nine-year-old can open that padlock in under 15 seconds. (Same for your house's front door, in most cases.)
Are you seriously upset at that a padlock is used to illustrate security?
Why isn't this more widely known? I would have taken steps right at set up.
It is, it's in the instructions and has been on the web for...well since Al Gore invented it.
All great suggestions. But using MACs to label only those devices your system can communicate with, along with the highest level of encryption, makes your system all-but impregnable. The "catch" to using MACs is that each new device usually requires updating the router's MAC list. It's no big deal.
I created a Mac list on my router. Problem for me is when the kids came over with their IPads, laptops etc. I had to add them to my list(or temporarily shut off that function) so I just turned it off.
Great article, very informative, a must read.
Extremely helpful and informative. Many thx!
thank you, very informative.
Hi,
Very informative, I had a new TV that had Wireless enabled on it from new that allowed a hacker in to steal 100GB of internet from us. Problem solved when I went into the TV setup & turned off the Wireless feature, I also chaned all my Router & PC passwords etc. No more hacker!