Cyber security is a term that covers protecting networks, devices and data. These services are not just for businesses any more. These days, everyone is a target. If you have an internet connection, you should take measures to protect your data, money, credit and reputation.
Cyber Security for Your Home Network
Your network setup probably looks like one of the following options:
- Modem/Router/WiFi AP (Access Point) from ISP (Internet Service Provider)
- Modem/Router from ISP > your WiFi AP
- Modem from ISP > your Router > your Wifi AP (my setup)
- Modem from ISP > your Router/Wifi AP
If you also have a network switch for additional wired connections, it is likely connected to your router. I consider my setup above (option #3) the most secure of the 4 listed. If someone wanted to gain full access to my network they would have to hack multiple devices instead of just one combination box. The second best option would be option #4, followed by #2 and then #1.
ISP issued combination devices trade security for convenience. You should have your own router that allows you to customize security options. For most home users I recommend the Synology RT2600ac wireless router which fits the #4 option listed above.
Here is a list or changes to improve your network security. All passwords should be complex and not used anywhere else. Since your router might not have some of these options, just do as much as you can. Usernames, passwords and network names should not include any personal/identifiable information.
- Change default admin credentials
- Create a strong password
- Custom SSID (wireless network name)
- WiFi encryption; WPA2 AES
- If your WiFi does not show WPA2 as an option, it is time to upgrade your device
- Create a strong WiFi password
- Upgrade firmware on all network devices
- Manually on a schedule or automatically if your device allows it
- Disable remote access
- Only allow managing your devices from your network
- Disable access over WiFi
- Only allow managing your devices over wired connection
- Hide the network
- Do not broadcast your SSID
- Turn on firewall
- Separate network for IoT (Internet of Things) devices
- Keep your security cameras, TV’s, refrigerators, etc. separate from your computers and data
- Guest network
- For visitors
- Set router on 5GHz
- limits WiFi signal range to decrease chances of hackers finding your WiFi
- Disable or Limit WPS; button OK, code not
- WebUI over non-standard HTTPS port
- Disable ping, telnet, ssh, UPnP, HNAP
- Change router DNS to OpenDNS, Google or Cloudflare
- Disable DHCP?
- Mac address filtering
- Center WiFi device
- Try and keep your WiFi signal within your property
Cyber Security for Your Computers, Smartphones and Tablets
This group of devices is what you use day to day to browse the internet, do your banking, online shopping, etc. Here is where your valuable data resides and where it originates from. That is why you must protect it. Gaining access to your network and intercepting your data (section above) is one way to get to this information.
Using Malware, phishing emails/calls, exploiting OS and software vulnerabilities is another way to gain access to your data. The goal here is to gain access to your devices directly or trick you into giving the bad guys the data they are after.
Here is a list to help you protect these devices:
- Keep your Operating Systems (Windows, OSX, Android, etc.) up to date
- Enable automatic updates to patch security holes as soon as possible
- Update your software
- Uninstall old/unused software
- Use strong passwords
- Lock your smartphone’s home screen
- Use 2 Factor Authentication wherever possible
- Use Antivirus (on all devices)
- Keep it up to date
- Use a firewall
I use Avast Free Antivirus to keep my devices protected. You can install Avast on your PC, Mac, Android and iOS devices. I also have a free version of Malwarebytes for on demand scans that I run every couple of weeks. Both Avast and Malwarebytes keep trying to sell me upgrades though. If money is no object for you, either will be a good investment. I would recommend Malwarebytes over Avast just because I have used Malwarebytes longer. If you’re looking for a single security provider option that also protects your IoT devices (smart TVs, smart appliances, cameras, etc.) check out Avast Omni.
Cyber Security for Your Data
Both sections above are ways to protect your data by securing your devices. Here, we deal with data directly.
In case of ransomware (bad guys encrypt your data and you have to pay them to get it back), it is good to have a backup. Any backup is better than none but an offline/cloud backup combination would be best. Here is a post I wrote about backup if you would like to learn more.
If you have to share sensitive information over the internet, do so in a secure way. Be vigilant and suspicious even if requests for information seem to come from legitimate sources. If you get a call from your health insurer, asking to confirm or collect information, tell them you will call them back and then call their main number. You should originate any call that requires you to provide any sensitive information (if you’re talking to strangers).
- Backup your data
- onsite and offsite (cloud)
- Use a VPN on public WiFi
- encrypts traffic
- Use encrypted email when emailing sensitive info
- Limit and be aware of what you share online
- Reviews, posts, comments
Cost and Convenience
You have to weigh the costs vs the benefits of increased security to figure out how much time and money you are willing to invest into protecting your data. To be proactive and improve your security, costs could include expert help, new equipment, loss of convenience, etc. Monetarily, this could range between $300 – $1000 (depending on number of devices).
If you get a virus or malware infection, expert removal help is around $300 per device. If your bank account gets hacked it could cost you thousands. Same if someone opens credit cards in your name. Ask yourself two questions:
- What is my image/reputation worth?
- What do I have to lose?
To improve our security we have to give up some conveniences.
- using same password for multiple accounts
- emailing logins to friends and family
- simple passwords
- saving passwords in a document on your computer
- open/low security WiFi
- using public networks without a VPN
It is unrealistic to ever expect to be 100% secure. We implement these changes to our networks, devices and activities, to improve our odds of avoiding infections and hacks. We want to stay off the bad guys’ radar and we want them to turn their attention elsewhere because we are not worth the effort. Not all of us can just throw more money at protecting our data. We need to find a balance between what we are willing to spend to protect what we worked hard to earn.