Protect your data when you work from home
Here are some simple but important tasks to improve the security of your network.
By Swapnil Jain
15 April 2020
It is vital that when you are working from home to make sure that your WiFi is secured, only enabling a password on your home network is not enough. Here are some simple but important tasks to improve the security of your network.
1. Secure your home WiFi network
You probably have a WiFi router in your home to provide internet access to all of your family. Unlike physical networks, WiFi systems can extend beyond the walls of your home. Once the password for access gets out in the world, it is very difficult to control who can access your home network. Therefore, you need to consider implementing some changes and routines that protect you from intruders and snoopers.
2. Use a loooooong password
Hackers usually try brute-force to get your WiFi password. It becomes more difficult if the password is long enough. Just making it complicated won't help. Ideally, the password should be 20 characters long.
3. Limit access to the password
Although it seems reasonable to give wifi access to your children, their friends and your friends, you shouldn’t feel obliged to give out the password to everyone that enters your home. Someone who is on your property to perform a service, such as a plumber, a gardener, or a decorator doesn’t have the right to ask for the password to your WiFi. In these instances, you should be prepared to say “No.”
4. Change the router’s admin credentials
You can access the console of your router from any device connected to the network. Most manufacturers set up the administrator account on routers with the same username and password for every piece of equipment they sell. This is different from simply connecting to the network; it grants you control over the network configuration. With a bit of know-how, anyone connected to the router can guess or Google the login credentials. This makes your systems vulnerable to hackers.
If someone gets into the admin console, they can change the admin password and lock you out. The default username and password may be printed in a booklet that came in the box with the router or you may be able to find it in the support pages on the wifi manufacturer’s website. It might even be displayed on the login screen for the router. If you can’t find the username and password anywhere, look for your router in this list of default router administrator passwords. https://cirt.net/passwords
5. Change the network name
As explained in the previous section, router manufacturers produce the same settings for every item of a product line that they produce. Often, a manufacturer will install the exact same administration software on all of its router models. That consistency makes life easy for hackers.
Free network detection software lets hackers see all the surrounding WiFi networks. The hacker doesn’t need to know which home the signal comes from because he doesn’t need to break into your house in order to get into your network. Each network is identified by a name, called an SSID.
A hacker can use the information that appears in the SSID to look up the default username and password for the router with little effort. The below screenshot easily reveals that the router is Exetel or Huawei.
6. Change the SSID
So that it doesn’t give away the router brand or model. Don’t choose an identifier that includes your name, address, or telephone number. Don’t use any other personal information in the name. So, “18HowardAv,” “Lilian's Network,” and “Homenet-123123” are all bad ideas. Avoid making political statements, don’t use offensive language, and don’t provoke hackers with challenges in your SSID. Just make it bland.
7. Strengthen wifi encryption
WAP3 is the strongest encryption available today. But most of the devices still do not support it. WEP is the weakest, never never never use it. You should be using WiFi Protected Access 2 (WPA 2). Infact, you need a strengthened version of this system, which is called WPA2 AES. This uses the AES cipher to protect transmissions and the encryption method is impossible to crack.
Few more very important settings:
- Turn off Plug ‘n Play (UPnP)
- Turn off Remote Management
- Turn off WPS
- Keep the router firmware up to date
- Turn on the firewall
Take a backup of your router before making all these changes.
8. Turn off network discovery
Your work laptop should be hidden from other computers on your home network, to avoid the possibility of an intrusion.
On Windows 10, right-click the wifi icon on the bottom right, navigate to Network and Internet Settings, go to Sharing Settings, and then Turn Off Network Discovery under private & public. While in Sharing Settings, also disable file and printer sharing too. Please note, you will have to turn "file and printer sharing" on when you are in office or printing won't work.
9. NEVER, EVER connect to public WiFi
When considering whether to connect to the public WiFi network at your local coffee shop, library, airport, hotel, etc., I have two simple words of advice don’t and DON’T.
One of the biggest threats with free WiFi is the ability for hackers to position themselves between you and the connection point. So, instead of talking directly with the hotspot, you end up sending your information to the hacker. The hacker also has access to every piece of information you send out—emails, phone numbers, credit card information, business data, the list goes on. And once a hacker has that information, you’ve basically given them the keys to the kingdom.
However, despite numerous warnings, headlines, and efforts to educate, many people still don’t understand why connecting to free WiFi is an incredibly dangerous situation regardless of what you’re doing online. And while you may think ‘okay, I’m not checking my personal email or logging into my bank account, I’m just checking the sports scores,’ remember anything you do on a public WiFi network is NOT secure. Any information you share or access on these networks is as good as gone.
If you find yourself in a situation where you absolutely must connect to WiFi, use your phone hotspot.
Hope you find this information useful.
Be safe, stay informed.