How to secure your home network

Most Internet Service Providers (“ISP”) make things pretty simple with an almost plug and play system. It’s recommended that even if you have a professional set up your home network, you should verify that the settings are appropriate.

Change the default Service Set Identified (“SSID”) or network name. Often the default gives away the brand of router which can help malicious actors attempt to gain access to your network. As an extra level of protection, you can opt to hide your network name entirely. This would prevent your network from appearing in a list of available nearby networks.

While you’re changing your SSID, be sure to change the default password as well. Default router passwords are often fairly easy to find on the internet. Remember to set a strong password since this is the key to your digital kingdom.

All wireless routers allow you to specify the type of encryption used. At a minimum, you want to make sure your router is using Wi-Fi Protected Access 2 (“WPA2”). Some newer routers will allow you to use an updated version of the encryption, WPA3.

Consider enabling a “guest” network, if your ISP offers this feature. This creates a separate network for anyone else in your home who needs internet access.

Be sure to turn off any “remote management” features. Some routers provided by your ISP have an option to allow remote access in order to facilitate things such as technical support. Leaving these features enabled can leave an open door for hackers. Disable and re-enable when needed.

When in doubt, just check for updates. Computers, operating systems and applications seem to constantly be getting patches. These are critical for protecting your network and data.  Patches are often responding to a vulnerability that’s either been made public or has already been exploited so it’s important to update all applicable devices and applications as soon as possible. This includes computers, phones, smart watches, televisions, baby monitors, doorbells, and so on.

Firewall & Anti-virus are critical, too. Newer versions of both Windows and Mac offer built in tools. Many ISPs offer free or discounted antivirus (e.g. Xfinity, Verizon Fios, Spectrum). Free solutions are also available but be sure to research products before installing. Questions about specific products can be directed to ERM@mass.gov.

If you’re not already using cloud storage for your files, there is no shortage of options, many at no cost. Many solutions will allow you to back up files automatically or on a set schedule. Check with your organization on the appropriate place to back up any work product (e.g. SharePoint, OneDrive).

Utilize a VPN when feasible. Many organizations provide such a service, offering an encrypted tunnel back to enterprise resources.

Privacy tools can be beneficial to use, even at home, such as Quad9. Quad9 is a free service that routes your web traffic through a secure network of servers around the globe, providing real-time information about what sites are safe and which ones may contain malware.

Disable Universal Plug and Play (‘UPnP’) when it’s not needed. UPnP is a feature that allows devices to connect to each other. The most common example of this is streaming a video from your computer to your TV. While convenient, UPnP can allow hackers to take control of devices remotely and spread malware to other devices.

Once you’ve established a baseline, monitor your network for suspicious activity such as unauthorized devices attempting to join your network. This can often be done through the admin console on your router.

Please remember that while the Enterprise Security Office is available to assist with specific questions about security policy and practices in the Commonwealth, neither we nor the CommonHelp team are able to troubleshoot home network issues. Please contact your specific ISP for assistance.