As the world embraces a more remote workforce and many of us are enjoying the short commute to our home offices, it is important to point out that the network boundaries we typically rely on within the traditional office are now extending to our homes. What does this mean? How you configure your home wireless network can directly impact the security of your work and home computing devices and data.
Below are some tips that will help you keep secure while working at home:
- Always set a password and never use the default. By and large, most modern wireless routers force you to set a password when you are setting it up for the first time as part of the installation process. This is the password you’ll need to log into the wireless router to manage it. If that is not the case, ensure you set a password. Make sure it’s a strong, complex password and different from the password on any Guest wireless networks you might be using.
- Change the default SSID. An SSID (Service Set Identifier) is how the device broadcasts itself to the world so it can be found. Changing the default name will ensure that nobody within the airspace of the device knows what kind of router you have which may allow an attacker to compromise the device. Additionally, avoid making it too obvious who it belongs to. Better yet, disable the broadcasting of the SSID if you feel comfortable memorizing it. It’s just one less piece of data an attacker would need to access your network. Why make it easy for them?
- Enable the strongest version of WPA your devices will support. WPA or Wi-Fi Protected Access, is a security protocol used by wireless routers to secure communications between your devices and the wireless router. Not all devices support the most updated WPA versions (e.g., printers, etc.), but try to use the highest version of WPA you can – ideally, WPA2 or WPA3. If your wireless router only supports the older WEP (Wired Equivalent Privacy) protocol or any variation of WEP (WEP2, WEPlus, or Dynamic WEP), it’s time to retire that old wireless router as WEP is easily exploited.
- Disable remote administration if possible. Many newer devices use mobile applications to manage the devices, but if possible, try restrict remote administration and only manage the device with a physical cabled connection to the wireless router. It’s a bit old school, but why potentially open up your device to the world over the Internet for someone to try to access? Again, don’t make it easy for the bad guys to get in.
- Use the Guest network to segment untrusted or riskier devices from more valuable devices. Modern wireless routers often come with at least two networks that you can use. While most call it a “Guest” network you can use it however you want. I have three networks which I use to “segment” my devices from each other so that if my higher risk devices (e.g., kids’ devices, streaming devices, etc.) become compromised or infected by a virus, my other high-value devices are not on the same network and cannot communicate to the exploited device. I also use one of my networks for work devices; keeping them separate from my home networks.
- Keep it updated. Just like laptops, phones, and tablets, wireless routers need updates too. These provide improved functionality and often critical security updates. Most manufactures have a Support site where you can find the latest updates based on the model or software version running on your device.
- Enable the Firewall. Modern wireless routers have a firewall feature that allows you to block network traffic that is either not authorized or trusted. Many newer routers perform this functionality automatically, but on occasion you may want to block or allow something specific. Refer to your user manual for specific technical guidance for your brand of wireless router. Most manufacturers provide excellent guides on how to configure the firewall feature.
Stay safe out there!