Hacking in the real world is nothing like it’s depicted in films, with two people typing on a single keyboard and inputting dozens of lines of malicious code in seconds. Hackers are far more subtle, often targeting weaknesses like firmware or weak passwords. While businesses are the most common targets of these attacks, tech-savvy burglars are wising up to how a connected world could benefit them. For example, casing for valuables is much easier if you can hack into a home’s cameras.
What good is a home security system if you can disable it from the inside? As you add more smart devices to your home network, take the same precautions you would take with your personal computer. These seven steps will help everyone, even those who would prefer to avoid technology, protect their home networks.
1. Change the default admin name and password
When friends come over to visit, do you have to check the tag on the bottom of your router for the password? If so, then your network is not nearly secure enough. The default username and password are often “admin” and “password”—easy to remember and easy to set up, but also absurdly easy to hack. Keep in mind that even if the default password is complicated, it can often be found with a simple Google search. Changing the default username and password makes it much more difficult to gain access to your network.
Making the change is simple. First, type in your IP address in the URL window (you can find this by going to What Is My IP?) Next, type in the default username and password into the login box that appears. Select the “Administrative” or “Security” tab and then enter your new username and password. Keep in mind that the exact process will differ depending on the software and type of router you have, but the relative steps will be the same across the board.
2. Set a strong password
The standard rules for passwords are simple:
- A minimum of 12 characters
- A combination of numbers, symbols, and upper- and lowercase letters
- A word that isn’t in the dictionary or a series of dictionary words
- No obvious substitutions
That said, a password like [email protected] is everything but. The words used are spelled correctly, are in the proper order, and are even capitalized in a logical way. While it may have numbers, all are at the end of the password in an easily guessable sequence.
Here’s one trick to setting a strong, “random” password. Think of a sentence with meaning to you and use it as a mnemonic device. For example, use “I lost my last baby tooth on July 4 and received $50 from the tooth fairy,” then translate that into a password like “IlomlbtoJuly4&rec$50ftTF.” That’s 24 characters in a nearly random order. The most common type of hack is a brute-force attack; this type of hack starts at 0 and works its way through every possible combination of characters. Decrypting the above sequence through a brute-force attack would take one octillion years, according to the password-strength website HowSecureIsMyPassword.
3. Change the router name
Your router’s name is called the Service Set Identifier, or SSID. Even if you change your password and username to something more secure, a hacker can learn a lot of useful information just from the SSID, such as what type of router you have and its physical location. There are two SSIDs you should avoid: the default one, and any SSID that is on the list of the top 1,000 SSIDs. Your SSID should be just as unique as your password. That said, it doesn’t have to be hard to guess; the name should be unique, but not something that will readily identify your home.
The steps to change the SSID are the same as changing the login name and password. Log into the router, access the administrative tab, and then choose an SSID that fits your personal preferences.
4. Update the firmware on all devices
Just as you should perform regular software updates on your computer, you also need to update the firmware on your connected devices. Firmware is a piece of software permanently embedded in the hardware of the device, but that doesn’t mean it’s unchangeable—in fact, firmware updates are routine, and if a device has been on the market long enough, it may require an update out of the box.
Firmware updates serve to protect against significant threats and to repair glitches within the device. While the majority of firmware updates can be done automatically, you should still manually check at least once a month to see whether the device requires an update.
There are a few ways to do this, and the methods vary depending on the device. Keep the owner’s manuals in a safe place after opening your device so you can refer back to it when needed. The easiest way to check is to go into the settings menu of the device and check the firmware version, then tell the device to check for updates. Another way is to search for the latest firmware version and see if it matches up with your device’s current firmware. You can do this by typing in the name of your device and “latest firmware” into Google and checking the results.
5. Enable router encryption
Enabling router encryption will allow the devices on your network to communicate with encrypted traffic, which means that even if a hacker is able to view information, they will not be able to interpret it. The data will look like complete gibberish; only the receiving device will have the necessary key to “decode” the encrypted traffic. To a hacker, the information will be completely useless.
There are three primary types of router encryption: WEP, WPA, and WPA2. WEP stands for “wired equivalent protection” and is the oldest and least-secure form of encryption. While it’s better than no encryption, you shouldn’t use WEP under any circumstances. It’s not secure enough. WPA stands for “Wi-Fi protected access” and was created to replace WEP routers. WPA2 is the final version of WPA and by far the most secure choice; whenever a router is capable of it, you should always opt for WPA2 encryption.
6. Smartphone security
Your smartphone is the center of your universe. If someone with malicious intent gained access to your phone, whether by guessing your password or breaking into the device on an unsecure network, they would be able to access any device your phone was connected to, as well as pull information from your phone’s data logs for their own use. A skilled hacker could use your phone to learn your Wi-Fi password and even lock you out of your own network.
The first step is to set up a hard-to-guess pass code, as well as a failsafe; if someone guesses the code wrong a certain number of times, it will automatically wipe the data contained on the device. The second step is a bit harder to follow: stop connecting to public Wi-Fi. Even though it may be convenient, the majority of these networks are notoriously insecure, particularly in large areas like an airport or subway station. Third, shut down your Wi-Fi and Bluetooth capabilities unless you’re using them. Because these two signals are used to transmit data, a savvy hacker can connect to your phone and steal information from it. If you’re an Apple user, make sure you disable Airdrop, as well.
7. Secure the weakest point
Your Wi-Fi security is only as strong as the weakest link in the chain. Let’s say you follow all of these steps, but you forget to update the firmware on your smart toaster. A hacker could gain access to the entire network via that single device, given enough time. Create a checklist of all of the smart devices in your home and perform routine security checks on each of them, checking if the administrative credentials and firmware are updated. As an additional step, ensure that any devices you add to your network are supported by their companies and that the firmware is regularly updated against the latest threats.
Before purchasing any device to add to the internet of things, do your research. Devices that are poorly made (or knock-offs) are often easier to hack than name-brand products that receive regular updates and support.
Take a proactive approach to Wi-Fi security
The internet allows you to speak with people on the other side of the world in an instant. Personal devices control your schedule, alert you of upcoming events, and much more. These conveniences are all the marks of an exciting future, but just as people in the past learned to protect against thieves, you have to learn to protect against cyber criminals. Home security now extends beyond just the physical, but while it may seem overwhelming or scary, securing your home against cyber attacks doesn’t have to be difficult. Follow the above steps to keep your home as secure as possible.