Home network and device security

Attackers are constantly mapping the Internet of Things (IoT) devices connected to the home network with automated tools, and unprotected devices are taken over and often used for carrying out data thefts and cyber attacks.

Protecting your home Wi-Fi network is essential to avoid leaks of your personal and work-related data, loss of control over your devices, and the possibility of your devices being used for cyber attacks. Even a single unsecured IoT device could give an attacker the ability to manipulate all traffic in the network.

Recommendations for improving the security of your home network and devices

• Map all your own and your family’s devices connected to the home network (computers, TV and network devices, controlled vacuum cleaners, washing machines, and ovens, ‘smart’ light bulbs, domestic air conditioning devices, electronic door locks, etc.) and the usage needs of guests.
• Create a list of all the devices connected to your network and manage them intelligently:
  • Is it necessary to keep this device online, or does it only increase the risks? For example, do you need to control the washing machine over the internet? If keeping your device online is of no real value, it is worth turning off its smart functionality to reduce the risks.
  • are all the functions of the device necessary (e.g. remote access or, in the case of a smart TV, sending voice commands and forwarding usage information to the service provider)? If some functionalities are not needed and not used, it is worth turning them off to reduce the chance of attacks. It is also a good idea to turn off network connections (Wi-Fi, mobile internet, hotspot) when they are not used and turn them on only when they are in use.
  • Are all user accounts and access options still necessary?
• Set up your home Wi-Fi router and firewall
  • Make sure your router has a strong and unique password. Never use factory passwords (default passwords), as those are often common knowledge for the attacker.
  • Use WPA3 encryption if it is available on the router. If not, use WPA2 with a long and strong password.
  • Change the name of your home Wi-Fi network so it would not be associated with you. Do not use any reference to the owner in the name of the network, such as your name or address.
  • Modern Wi-Fi routers often include firewall functionality, which is worth configuring so that traffic in and out of the IoT device is clearly limited to the ports and protocols required. For more information, see the user manual of your router and, if necessary, contact the helpdesk of your service provider.
  • If you get stuck with configuration, check the user manual of your router or ask a more IT-savvy person for help.
• If you use many IoT devices and share your Wi-Fi with guests, we recommend segmenting your network by splitting it into virtual local area networks (VLANs). Virtual Local Area Networks (VLANs) can be assigned different permissions in a home router. The minimum segmentation could be as follows:
  • A network for critical systems (computers, smartphones, etc.). You could also configure your router through this network. You might want to think about creating a separate network for the devices of your children.
  • A network for IoT devices. A separate network or networks with limited access according to the type of equipment.
  • A network for guests. Guests can use this separate network for accessing the internet, but cannot do anything else in your network. They also have no way of introducing malware into your network.
  • If you get stuck, check the user manual of your router for instructions (if there is no manual, search the internet for the name and model of your device) or ask a more IT-savvy friend for help.
• Change the factory passwords on all devices and use strong passwords
  • The factory passwords on IoT devices are often common knowledge and vulnerable to an attack, so it is wise to replace them as soon as the device is purchased.
  • The general requirements for passwords are:
    • Passwords must be strong and unique for each device and network.
    • A strong password is at least 15 characters long, but preferably longer, and it includes upper- and lowercase letters, numbers, and special characters.
    • If you have a large number of passwords, you should use a password manager.
    • Read more: Passwords and two-factor authentication
• Update the software of the devices in your network
  • Update the software of your router regularly. Devices with outdated software often contain security vulnerabilities that attackers can exploit for their own benefit.
  • Update the software on all other devices in your home regularly. If possible, turn on automatic updates.
  • If a manufacturer no longer offers software updates for their device (for example, for an IoT device), it is worth removing it from the network.
• Download software and apps only from trusted sources, such as the official website of the software manufacturer or an app store (Google Play, Apple App Store).
• Back up your important data regularly. If something should happen to your device, you can restore your data with the help of the backup. For example, you could keep a backup on a flash drive or an external hard drive, not connected to your computer. Read more: Backups.
• If you are struggling with the configuration of your home network, ask a more IT-savvy relative for help or, if necessary, contact the helpdesk of your internet service provider.

Videos

1:33 min

How to protect home devices that are connected to Internet?