Securing your internet router for work at home use

By Scott Checkoway

With many of us working from home due to the coronavirus pandemic, I wanted to share some tips on different ways to secure your home network.

1. Review the administrator password of the router

With many of us working from home due to the coronavirus pandemic, I wanted to share some tips on different ways to secure your home network.

If you were provided the router from your Internet provider, the password is likely under the router or printed on a sheet that came with it. Typically, that password is 10 or more characters and has letters, numbers, and symbols. If so then you can opt to keep it or change it.

If you purchased a router or have a separate modem and router, then they will have a default user ID and password, such as “admin” for the user ID and “admin” for the password. These passwords are not secure and should be changed immediately.

2. Wireless security

Change the SSID of your router. The SSID is what you see presented as the “name” of your Wi-Fi when you connect to it. If the router was set up out of the box, this is a great opportunity to change the name to something unique and different from everything else in the neighborhood.

Your router should have the option to hide the SSID of your main network—the name of the network that appears when your devices scan for Wi-Fi. If visitors can’t see this network then they can’t connect to it, but you’ll be able to add devices to it because you’ll know what it’s called. (And if you’re not sure or don’t remember, it’ll always be listed in your router settings.)

Two specific suggestions when setting up wireless security:

  1. Do not use a router name that is or could help identify your location.
  2. Enable WPA2 wireless security. WPA2 is the best local security you can have in your router, coupled with a password that has a unique set of letters, numbers and symbols.

If you want to test how secure the password you’re using, try this link: https://howsecureismypassword.net/. The passwords I use, for example, would take at least 7 quadrillion years to crack using a brute-force tool!

3. Firmware

Your router runs low-level software called firmware, which essentially controls everything the router does. It sets the security standards for your network, defines the rules about which devices can connect and so on. Some more modern routers update themselves in the background, but whatever model you have, it’s always worth making sure the firmware is up to date. This means you’ve got the latest bug fixes and security patches, and are protected against whatever exploits have just been discovered.

The process varies from router to router, but as with the password settings, the option to update your router’s firmware shouldn’t be too difficult to find within the router control panel.

4.  Additional security features (Remote Access, WPS, UPnP)

Many routers come with features designed to make remote access from outside your home easier, but unless you need admin-level access to your router from somewhere else, you can usually safely turn these features off from the router settings panel.

Another feature to look for is Universal Plug and Play (UPnP). This was designed to make it easier for devices like games consoles and smart TVs to access the web without making you wade through a lot of configuration screens. UPnP also can be used by malware programs to get high-level access to your router’s security settings. Keeping remote access and UPnP turned on won’t suddenly expose you to the worst of the internet, but if you want to be as safe as possible, turn them off. If it turns out that some of the apps and devices on your network rely on them, you can enable the features again without too much trouble.

You also should consider disabling Wi-Fi Protected Setup (WPS). This feature had good intentions, letting you connect new devices with a button push or a PIN code although that also makes it easier for unauthorized devices to gain access. A numerical PIN is easier to brute force attack than an alphanumerical password (feel free to test with the password tester link above). Unless you specifically need WPS, it is advisable to disable it.

5.  Guest network

If your router has the option of broadcasting a so-called guest network, take advantage of it. As the name suggests, it means you can grant your guests access to a Wi-Fi connection, without letting them get at the rest of your network—your smart devices in your home, the shared folders on your laptop, your printers, and so on.

It’s not like your friends and family are hackers in disguise, but letting them on your primary network means they might access a file that you’d rather they didn’t or inadvertently change a setting somewhere that causes you problems. It also puts another speed bump in the way of someone who is secretly trying to access your network without your permission: even if they’re able to get on the guest network, they won’t be able to take control of your other devices or your router.

Overall, it’s relatively simple to keep your home network safe. Keep your devices updated with the latest software, be picky about the apps, programs and browser extensions you install and protect your devices with long, difficult-to-guess passwords that are all different from each other.

Make sure your devices are protected by the appropriate security software, wherever possible. You’ve probably got a lot of devices connected to your router from phones to smart speakers to other smart devices and you need to keep all of them locked down and protected. As soon as you connect them to Wi-Fi they’re also connected to your router, which means they can all see and talk with each other. If a device doesn’t need Wi-Fi access, then disable it–you’ll be glad you did.

Scott Checkoway is chief information officer at MedeAnalytics.