Ten simple steps to secure your network while working from home

Many employees working from home will have a work laptop that uses a VPN to access the company network. Not everyone will have this luxury so you could be sending documents and sharing data in the clear. That makes having a secure home network more important than ever. It won’t prevent someone from accessing company data on the internet but it will prevent them accessing it from your WiFi.

Plus, with more people using WiFi than ever, securing your home network makes sense. Especially if you have more time at home with which to secure it.

Securing your home network

Securing your home network is actually very straightforward and can be done in less than 30 minutes.

You will be changing a couple of settings on your broadband router so will need the login for that before you begin. The router login will either be on a card that came with it or on a sticker on the side, bottom or rear of the router itself.

Once you have the router login, we can get on with securing it. Routers differ depending on manufacturer but will usually be accessed via a web page. There should be an IP address by the login details telling you what IP address to use. It is usually https://192.168.1.1 or https://192.168.0.1.

Type that address into a browser tab and enter your login when prompted. You should now load into the router’s configuration application.

It is from here that we secure your network.

Different routers have different names for menus and for menu sections. If you don’t recognize a menu mentioned here, look for something similar. All these settings will be on your router somewhere!

The process has several distinct steps.

1. Change the default login.
2. Change the SSID.
3. Change the WiFi access password.
4. Check the encryption level.
5. Turn off guest networks.
6. Disable WPS (WiFi Protected Setup).
7. Disable remote access.
8. Update the router.
9. Check the firewall.
10. Change the router IP address.

It’s important to save each change as you make it as the router cannot memorise all of them and apply them all at once. You can make several changes within the same page at once but as soon as you change the page, you will lose your modifications. Make sure to save each change before you switch configuration pages on your router.

1. Changing the default router login

All routers are provided with a default login at the factory so you can set it up when you get it home. Those logins are the same across that model of router and will be known by hackers. Changing it goes a long way to securing your network.

1. Open the Administration page on your router.
2. Change the username to something different.
3. Change the password to something different. Make it strong but memorable.
4. Save the changes.

Not all routers will allow you to change the username. If so, don’t worry. Just make the router password as difficult to guess as you can while keeping it memorable. Make it a passphrase and/or write it down somewhere safe.

2. Change the SSID

The SSID, Service Set Identifier, is the name you see when you look for WiFi at home. The ‘TalkTalk123’ or ‘SkyWiFi’ network name you see when looking for wireless on a device. While it doesn’t allow hackers to access your network, the SSID can identify the type of router you have. This is an advantage we want to remove.

1. Open the WiFi or Wireless page on your router.
2. Change the SSID to something else.
3. Save the change.

Don’t close the browser tab yet.

When changing SSID, don’t make it identifiable. Don’t change it to ‘SmithsWiFi’ or anything with a name in it. Give it a random name, give it a footballer’s or move star’s name or whatever you like. Just don’t make it identifiable.

3. Change the WiFi access password

When you join a new device onto your home network, you have to enter a password. If yours is still the default that came with the router, we need to change that right away.

1. Open the WiFi or Wireless page on your router.
2. Change the WiFi access password to something else.
3. Save the change.

Just like the login, make the password as complex as you can while remaining memorable. You will have to log in every device currently connected using the new password but once connected, everything should be back to normal.

4. Check the encryption level

While you’re in the WiFi settings of your router, check the encryption level. All newer routers should default to WPA2 AES encryption. This is the current secure default for home networks. If yours says WPS or anything other than WPA2, change it to WPA2.

If you see TKIP instead of AES, that’s okay but if you have the option to change it to AES, do so.

WPA is the old standard but is now obsolete. It is easy to crack and not supported by most network devices. WPA2 is much stronger and while a replacement for that is on the way, it is the current default encryption method for wireless.

5. Turn off guest networks

Guest networks are useful if you run a small business or want a network for yourself and one for flatmates or the kids. However they are also a potential security hole. If you don’t need a guest network, turn the setting off.

1. Open the WiFi or Wireless page on your router.
2. Find Guest Network and disable.
3. Save the change.

Guest Networks will either be activated using a checkbox or toggle. Use whatever is on your router to disable it.

6. Disable WPS (WiFi Protected Setup)

WPS (Wi-Fi Protected Setup) is a convenience measure that allows a login to your router using a button on the router or a PIN. WPS is known to be weak and therefore, insecure. We want to disable WPS right away.

1. Open the WiFi or Wireless page on your router.
2. Find WPS and disable.
3. Save the change.

If the WPS setting is not on the WiFi page, it may be on the Networks or Administration page. Most routers have WPS so it will be there somewhere!

7. Disable remote access

Remote access is there to allow IT support techs to help troubleshoot your router. We don’t want that kind of access enabled permanently so let us turn it off. It’s an open door to hackers so removing it will help improve security.

1. Navigate to Administration or where you see the option for remote access.
2. Toggle it off or uncheck the box next to it.
3. Save the change.

You can always enable it in the future should you need to by reversing the steps above.

8. Update the router

Like your computer or phone, router manufacturers often release updates to improve security, fix bugs and offer new features. They aren’t released anywhere near as often as Windows updates for example, but make it a habit to check for updates monthly. Or set the router to automatically check for updates.

1. Open the Administration page on your router.
2. Look for the Update setting.
3. Enable automatic updates if you have the option.
4. Select Check For Updates if you don’t.

Allow the router to download and apply the update if it finds one. Give it time to reboot and log in again when you can.

9. Check the firewall

Most routers come with a firewall installed and enabled by default. As a primary protection against hackers, it makes sense to check it while you’re logged in. We are looking to make sure the firewall is enabled.

1. Open the Network or Security page on your router.
2. Navigate to the Firewall section and make sure the firewall is enabled.

10. Change the router IP address

This final tip is optional but can add an extra element of security to your home network. You will know by now that you log into your router using https://192.168.1.1 or https://192.168.0.1. Trouble is, everyone knows this is the address to log into routers. Changing it can make it a little more secure.

1. Navigate to the Network and/or LAN page on your router.
2. Change the router IP address where you see http://192.168.1.1 or http://192.168.0.1.
3. Save the change.

Once you save the change you will likely be kicked out of the application and will need to log into your router again using the new IP address you just entered.

Your router may only allow you to change the IP address within a certain range. That’s fine. As long as your router is no longer https://192.168.1.1 or https://192.168.0.1, it will avoid the majority of network scanners hackers use to identify routers or home networks.

That’s it!

Your home network will now be many times more secure than it was an hour ago. It isn’t impenetrable as there is no such thing, but you have secured it way above the vast majority of other home networks out there. Time well spent methinks!