Harden your home security
Cyber criminals and hackers continue to increase the sophistication of their attacks to infiltrate organizations and obtain sensitive data. Because of this, organizations are continuously improving offensive and defensive protection measures by implementing more restrictive policies and their hardening network perimeters. Instead of participating in this digital arms race of technology and tools, many cyber criminals and hackers are instead choosing targets that have outdated defensive capabilities, such as hospitals, schools, local governments, and other parts of our public infrastructure. Hackers are always looking for new networks with more lax security controls, and the next goldmine is home networks.
The value of a home network comes from the ease of targeting multiple home networks, a better chance of persisting within that network, and the possibility to use the home network to worm into a large corporation. Within the past year, many different phishing campaigns started by targeting officials’ personal email accounts instead of their work emails. The phishing emails that target individuals are also much more targeted, more realistic, and sophisticated. Hackers can create these sophisticated phishing emails by doing background research, which can happen by looking at their social media presence, profile information from data breaches, or even by buying targeted advertisement profiles.
Just as organizations improve their cybersecurity tools to repel cyberattacks, individuals can do the same to protect their personal information. Take the following steps to harden your home defense:
- Turn on multifactor authentication.
- Use a unique username / password credentials on all of your accounts.
- Track your credentials across multiple websites using a password manager.
- Enable passwords to connect to your home Wi-Fi and make sure it uses WPA2 or WPA3 encryption.
- Make sure all of your devices are patched and up to date — computers, peripheral machines, and smart devices.
Multifactor authentication differs between services, so it’s important to become familiar with the multiple ways it can function. For example, in addition to your password, you might also require a pin number texted to your phone or provided by an authentication service like Google Authenticator. Enabling multifactor authentication differs between services, but usually you will need to go to the account’s settings and look at the password settings, which might fall under a tab labeled “password security,” “account security,” “login options,” or something similar.
Password managers can be phone or desktop applications, browser plugins, or a combination of all three. These services allow you to record your credentials to multiple sites so you only need to remember the credentials for the password manager instead of remembering unique login information across all of your accounts. There are plenty of options to choose from when picking a password manager, so look around and find which is most convenient for you.
Your home router uses encryption so that people outside of your network can't intercept and read your messages. These encryption protocols, Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), aren't created equal. WEP is the older encryption protocol, and the algorithm it uses for creating unique keys isn't long enough to be considered secure by today's standards. If WEP is your selected encryption protocol, a hacker could use all sorts of programs that could brute force their way into network. In order to disable WEP on your home network and enable strong encryption like WPA2 and WPA3, look up instructions from your internet service provider. Each provider has their own way of adjusting network security, so browse through their support pages to find guides on wireless network configurations.
Keeping up to date with patches and security updates isn't just for your operating systems. Applications and software go through several security patches, as well as network equipment, Internet of Things (IoT) devices, and computer peripherals. Security patches are some of the easiest steps to take to secure your system and can be the most devastating to ignore. Most of the more serious ransomware attacks were carried out on systems that had pushed back software security updates. Most desktop operating systems and software updates will either automatically update or inform you when they have updates, so don't defer these patches and upgrade as soon as possible.
For more advanced security recommendations, you might also want to configure IoT devices on a separate network. IoT devices require more maintenance to keep secure, as they receive less security updates, most have factory set credentials, and it can be difficult or inconvenient for the device owner to find out how to install updates and customize credentials. This means that, while it would need to be targeted, an IoT device can allow a hacker a weak attack surface into your network. Having these devices on a separate network alleviates many of their security issues, but many IoT devices require a local area connection in order to function. While it's possible that you can set them up with VLAN and forwarding configurations, this solution requires a prohibitive amount of technical knowledge. In the end, it's up to the device owners to find make the decisions on amount of risk they are comfortable with and what they are able to implement.
It only takes a single slip up for a hacker to enter your network, but taking the steps to remain cyber secure is an easy road to walk.
