Keeping your home network and data secure
The average family home now has over a dozen devices connected to the internet – laptops, tablets and phones, not to mention smart speakers, TV streaming boxes and newer ‘Internet of Things’ (IoT) devices. So, how can you take advantage of technology at home and keep it safe from hackers?
Short answer? You can’t. Well, at least not 100%. But there is a great deal you can do to make it much more difficult for hackers to attack.
Firstly, why do hackers do it?
Motivations differ, but it generally falls into a few camps. It could be as simple as wanting to gain access to your WIFI network to get free internet access, but often it’s for more nefarious reasons.
They may want to exploit a known vulnerability in a piece of equipment to use it as part of a larger attack. This could range from your PC to a security camera – in 2016 over 70,000 CCTV cameras spanning over 100 countries were compromised and reprogrammed to attack a single website, overwhelming it and taking it down – probably for either ransom or revenge. Hackers use automatic tools to ‘ping’ IP addresses, which every internet-connected device has, and then see if they respond to known vulnerabilities – once they get a hit, other tools then automatically infect the device so that it becomes part of a ‘bot net’ before moving onto the next IP address.
Alternatively, they could be looking to steal personal data to hijack your identity, to commit fraud in your name. Either way, you wouldn’t give a stranger free run of your house, so why would you do the same for your digital life? Let’s look at the steps you can take to harden your defences.
1. Patch, patch and patch
Patch 1: Your router
In the same way that your door locks are your first line of defence, your router/modem should be your starting point. Most people have a combined modem/router box, with the modem part talking to the internet and the router providing the cabled and WIFI access throughout your home. Some people (like myself) choose to have a dedicated modem box and a separate router. Providers such as BT and Virgin Media offer single box solutions, but dedicated routers can often deliver better WIFI coverage or enhanced features.
Start by going to the website of your modem/router’s website and search ‘firmware update’. This will give you instructions for how to update the core software of your router, to ensure that it includes the latest security patches. In 2017, for example, Netgear found a vulnerability in many of their high-end routers. A patch was released a few weeks later, however I suspect that there are still many routers that are still unpatched today, leaving the owners’ entire network potentially exposed.
Usually, you access the router settings by entering an IP address into your browser – something like 192.168.0.1. You’ll need to enter a password here, and if it’s still set to the default one then change it right now! Once logged in you’ll have various configuration options, one of which may be ‘Update’. Again, this differs between brands of router, but most of them follow a similar path. After it’s downloaded the update your router will install it and then reboot.
Patch 2: Your PCs
Windows-based PCs are generally the most vulnerable items on your network, so make sure that you run Windows Update. If you’re running Windows 10 then this is on by default. Note that both Windows XP and Vista are no longer supported, so you should definitely upgrade. Microsoft did release an XP patch for the ‘Wannacry’ ransomware back in May 2017, but their goodwill is unlikely to last forever for an OS released in 2001. MacOS is less vulnerable, but as its popularity grows, so does the hackers’ interest in compromising it, so ensure that you apply all updated when prompted. Linux is a little more complex, but chances are that if you’re using Linux you’ll know how to upgrade it – if not, Google is your friend!
In 2017 the Wannacry ransomware brought the NHS and many other organisations to their knees
Patch 3: Everything else!
Now you need to focus on all the other devices that are connected to your router. You may even not know/remember every single device! One way to see all the devices that are connected is to return to your Router’s browser-based control panel. Most routers will show you the devices that are connected. Some also offer a companion mobile application that provides a simple chart, showing each device. You can even tap on a device to view more information or even cut it off from the network – useful when you need to ‘concentrate the minds’ of children!
Go through the list, making sure that every device has been checked for security updates. The method will differ for each device, and if this is the first time you are doing it you may want to make notes, so that you (or someone else) can do it much quicker in the future. Many of today’s IoT devices will use the companion mobile app to check and apply updates, which makes life a lot easier.
Once you’ve patched all your devices make a note to at the very least perform this task once every few months, but wherever possible set devices to automatically update, which ensures you are always as protected as you can be.
Devices such as wireless printers or CCTV camers can be just as vulnerable as your PC.
2. Separate your WIFI networks
Many routers now offer the ability to create ‘Guest networks’ – this is a separate, ring-fenced wireless network that you could allow friends to connect to, safe in the knowledge that they couldn’t browse the network and view files that you might have shared on, say, your main PC. Why not also put ‘occasional’ internet devices such as consoles and smart speakers on it? This ensures that if they are compromised a hacker has no possibility to access sensitive data for your main computer(s).
3. Tweak your router
Check your router’s manual to see if it offers remote configuration from outside of your WIFI network – unless you absolutely need this, turn it off. Next, see if you are able to change the default access IP address – this will stop anyone that want to try to gain access to the control panel. Furthermore, if you have the option to automatically assign IP addresses between 192.168.0.1 to 192.168.0.100, you can then specify the router’s login screen to only allow access from a higher address – say, 192.168.0.150. If you later want to access the router screen you just have to change your PC’s IP address from the automatically assigned one to 192.168.0.150. Some routers offer ‘WPS’ – WIFI protected setup. This was compromised a few years ago and is rarely used nowadays, so if it’s there, disable it. There maybe many other services that your router has, such as UPnP, Telnet and SSH – chances are you won’t know if you need any of these features or not. If in doubt, contact your router supplier or see if they have support forums. It’s likely that someone else has asked if these features are needed or not.
If you really want to lock down what devices can connect to your WIFI network, you can also allow/deny access based on an item’s MAC address. Any device that wants to connect to WIFI will have this unique identifier, and you can set your router to either allow or block devices that connect. This means that for a friend to connect their phone you’d need to log into your router to authorise your device. The easier option in this scenario is to set up a separate guest network with fewer restrictions.
4. Hide your WIFI network name
By default, your router will broadcast your SSID, which is the name you see when connecting to the network. You should change it from the standard name to something else, as if it mentions the brand of router as part of the name then this gives potential hackers an idea of what the hardware might be, and therefore the ability to exploit known vulnerabilities. Next, disable broadcasting of the SSID. This will mean that your wireless network name won’t be displayed in a list and you’ll have to enter both the name and the password, but this is usually a one-time inconvenience.
5. Use a VPN
A Virtual Private Network effectively extends your ‘private’ network out onto the Internet, encrypting your connection and making it much more difficult (but not impossible) to track you and see what you’re doing online. There are free VPNs available, such as one built into the Opera web browser, but they are generally capped in terms of speed and/or amount of data you can use. If your serious about security, it’s worth paying for. A decent VPN will set you back around £50-60 per year. It’s also best to use a VPN when you are out and about, connecting to public WIFI that is often not even protected by standard encryption protocols. Note that installing VPN software on your PC, tablet and phone does not automatically protect other devices, so you may need to investigate placing a VPN (account) at the router level, to encrypt everything that leaves your home.
Tunnel Bear VPN offers a simple, clean interface, with various countries to choose from.
6. Be Private (when browsing)
All modern browsers offer a ‘Private browsing’ mode. Depending on the browser, this can prevent certain tracking functions such as cookies being saved and usually prevents your browser history from being saved after closing the window. It won’t hide your browsing history from an employer, but it’s useful as part of an overall strategy to make yourself less visible and traceable online. It can also stop that embarrassing problem of the internet tracking your browsing and then serving up appropriate adverts – many a marriage proposal has been scuppered after the potential bride-to-be has been served ads for engagement rings because the groom had been searching previously.
7. Ensure your Antivirus software is up-to-date
Virtually every new PC will be bundled with a trial for a paid-for Antivirus solution, but there are plenty of free ones, which in tests appear to work just as well. Avast (Avast.com) and Avira (avira.com) are two such products, both with free and paid-for version. You can further bolster your defences by using additional products such as Malwarebytes (malwarebytes.com). Again, they offer a free or paid-for version. Malwarebytes can often find things that other Antivirus systems miss, so it’s worth having it installed and running it occasionally. On a similar vein, on Windows PCs make sure that Windows Firewall is enabled – it is by default, but it’s worth checking.
8. Use encryption
If you’ve implemented a VPN then you’re already encrypting traffic leaving your router. For sensitive data saved on your PC/Mac you might want to consider the open source (and therefore free) Veracrypt (https://veracrypt.codeplex.com). Available for Windows, Mac and various versions of Linux, it allows you to create a military-grade encrypted ‘container’, which you mount and then access as if it were a USB stick e.g. as a new drive letter. You can then store all your sensitive files on there, safe in the knowledge that when you unmount the drive (either by right-clicking over the drive letter and selecting unmount, or by shutting down your PC) your files will be stored safely inside the container until you unlock it again.
9. Switch off the functions you don’t need
We covered this earlier with router features, but this can often extend to any device that connects to the Internet. Whether it’s a PC or a set of wireless lights, many items have internet-related functionality that you may not want or need. For example, if you have Philips Hue lighting system it’s possible to control them from anywhere in the world, but if you only want to operate them whilst on your local network then just don’t enable that feature – it’s one less potential security hole.
10. Turn devices off!
This might seem a little obvious, but a device can’t be hacked if it’s not powered up. In our household, consoles can go unused for days or weeks at a time. Powering them off not only further protects you but it also saves power. A Playstation 4 left on standby 24/7 will cost you around £40 per year. Amazon’s Echo speaker uses about 1/3rd of that, which may not sound much, but if you’ve got half a dozen devices that needn’t be powered on all the time you could save a tidy three figure sum over the course of a year just from flicking a switch.
11. Keep up-to-date
Sign up to any newsletters from manufacturers of any internet-connected products you have. That way, if any major security flaws happen in a product that you own you’ll be notified. Whenever you buy a new electronic item it invariably comes with a warranty card, or option to register online. Don’t dismiss this as just a marketing ploy to sell you more stuff (although that is part of the motive, of course). It’s in their interest to ensure that you remain a happy customer, and a hacked customer because of a security flaw is anything but!
12. Secure your passwords
Can you truthfully say that you use a different password for every site and device? No? Me neither. However, using a password manager can take the pain out of this. Products such as LastPass allow you to use ‘one password to rule them all’. Login with your master password to unlock your encrypted vault. Most password managers also have plugins for the web browser, so simply saving the password once on a website will automatically log you back in when you revisit, if you’ve already logged into the password manager first. They also have mobile apps, so a password saved on your PC is also accessible from your phone or tablet. If your phone has biometric support, you can log into websites using your finger or your face!
13. Prepare for the worst
If the unthinkable happens and your data gets wiped or encrypted with ransomware then it’s now all about damage limitation, and the only way to do this is to have a backup plan in place. Realistically, if you’re reading this and thinking ‘I must do a backup’, then you should know yourself well enough to know that it’s always going to be an area of weakness. Your best course of action is to set up an automated backup solution. They say that in a fire most people would choose to save their photo albums – nowadays your photos reside on hard discs, tablets and phones. A great solution here is in the form of Google Photos, now part of their Backup and Sync tool – they offer unlimited free backup of photos up to 16megapixels, and 5GB of free space for everything else. Just install Backup and Sync on your PC, and the Google Photos app on your iOS/Android device. If you want to store more data or keep your photos at a higher resolution than this then you’ll have to shell out a relatively small monthly fee for cloud storage, but many of today’s smartphones are at 16megapixels or below. Photos will take a big chunk of your backup needs out of the way. You don’t generally need to backup your applications, as you’ll often have original CDs or the ability to re-download them. Now it’s just a case of backing up your documents and emails. There are other cloud providers, and it may be that you already have space with them as part of another deal. Microsoft’s OneDrive expands to 1TB of space if you have an Office 365 subscription, for example.
A more robust solution is a dedicated cloud backup app, such as Carbonite or CrashPlan. These install onto your PC/Mac and silently run in the background, immediately backing up files as you save them. Furthermore, they offer incremental backups, allowing you to restore one or more files back to a specific point in time. The best thing about these options are that they are ‘install and forget’. If you know you are lax at backing up, then put one or more of these systems in place.
Is the cloud safe?
One concern that many have is giving all their sensitive files to be stored ‘in the cloud’. What if the cloud company gets hacked? Potentially that is a risk, but then so is a bank robbery – remember Hatton Garden? However, employing some of the above strategies such as good password management or using encrypted containers for sensitive files can add an extra layer of protection. If you want to take advantage of today’s technology you have to put your faith somewhere. Before you select a vendor do some research, and ask yourself ‘what would I do if they go offline tomorrow’. Always have a Plan B, and if possible, a Plan C. I personally use a combination of OneDrive syncing my PC to both my laptop and the cloud, plus a dedicated backup app. Periodically I’ll also backup all my files to a hard disc which is kept in a safe place, away from the main PC. There are those that have lost data and those that will lose data. I am in the former camp and do not plan to return to the latter!
The Internet of Things is the dawn of a new era of computing. I grew up when computers were making their first in-roads into the home and office – now they are ubiquitous. Companies are rushing to bring new and exciting product to market, but security is often an afterthought. However, if you can be disciplined enough to apply some or all of these suggestions you will shield yourself from all but the most persistent of hackers. Unless you are being specifically targeted hackers will always go for the 'low hanging fruit' - make it hard enough and they'll simply move onto the next victim.