How to secure your home WiFi

Want to know how to protect the WiFi in your home or business? If you use these tips to secure your home WiFi from hackers, then you’ll be far ahead of most people.

1. Update your WiFi router firmware

Updating your WiFi router is critically important to having a safe WiFi network.

  • Every few years new WiFi exploits are discovered. In response, your router manufacturer releases new firmware to mitigate that exploit, but you need to install the new firmware manually. While some routers do this automatically, you should check to see whether yours does or not and take appropriate action.
  • This is not just about security, but about keeping up with changing technology. New firmware releases often introduce new features to increase compatibility with your other WiFi devices, and to make it work better in general.

2. Use strong WiFi encryption

Always use the most recent encryption standard.

Do use:

  • WPA2-Personal
    This is suitable for nearly everyone, including for residential and office use.
  • WPA2-Enterprise
    This is for corporate WiFi, used in conjunction with a RADIUS server. (If you don’t know what this is, don’t use it.)

Don’t use:

  • WEP
    This officially became outdated in 2003, and is very easy to hack.
  • WPA
    This officially became outdated in 2006.

Further reading: https://www.howtogeek.com/167783/htg-explains-the-difference-between-wep-wpa-and-wpa2-wireless-encryption-and-why-it-matters/

3. Use a secure WPA2 passphrase

It may seem stupidly obvious, but don’t use a password which is easy to guess!

Good passwords:

  • Contains whole words + numbers + symbols
    Example: !213Harry!
    Example: Gr3g@rious99
  • Multiple random words
    Example: RadioPlumSpider
    Example: TownGrateThree

Not so good:

  • Single words
    Example: chocolate
    Example: Bernard
  • Your address
    Example: 204Thorndon
    Example: 180Molesworth

4. Check for rogue Wi-Fi access points

If you ever browsed the nearby WiFi networks on your phone or laptop, you may have noticed one unfortunate thing: you don’t know who owns them.
The only way you can guess is by looking at the name of the WiFi network, but you still have no idea whether it’s run by a hacker, or whether it was set up by someone for wholesome purposes.

If you have a laptop running Windows or an iPhone or Android, and you want to know which nearby WiFi network is safe to use, then it’ll be mostly guesswork as to which you can consider as ‘safe’, and you should therefore treat them all as unsafe.

A hacker can easily sit in a cafe with a laptop and create a WiFi network which you could be tricked into joining.

If you see any nearby WiFi networks which have the same or similar names to yours, then someone may have set up a rogue WiFi network to target you or your customers.

This technique which hackers use, is to trick people into joining their WiFi network and, once you have, then hackers can do any number of things:

  • Access/hack your mobile phone, laptop or tablet, by injecting malicious code into your web requests whenever you try to access a website
  • Gain access to your mobile phone, laptop or tablet, by attacking any of the services running on them. Especially if you don’t have a firewall running.
  • Show you fake, cloned websites to trick you into entering your password details (Example: Your Internet banking site, Facebook, Gmail)
  • Monitor everything that you access

If you see any nearby WiFi networks which you suspect are malicious, then someone may have set up a rogue WiFi network.

5. Create a separate guest WiFi network

If you want to share your home Internet with someone, but you don’t trust their computer (maybe you suspect that their computer may have a computer virus), then one way to mitigate the risk is to create a guest WiFi network.

This will allow the suspected computer to access the Internet, but not the rest your home/office network, and will keep your own computers safe from theirs.

6. Change the guest WiFi password regularly

If you do set up a guest WiFi network then you might want to change the password regularly. Why? Because, over time, you’ll lose track of who you’ve given the password to.
If you don’t know who even has access to your Internet connection, then you could end up with a very big problem!

7. Hide your WiFi network
(‘Broadcast SSID’)

This option is suitable for paranoid people. There could be legitimate reasons for wanting to hide your WiFi network, but most of the time, and for most people there is no need, because your WiFi network should already be set up with a strong, difficult-to-guess passphrase.

Pros

  • Amateur hackers won’t see your WiFi network (but real hackers still can)
  • Business owners can provide a more professional look & experience to their customers by hiding their own office, staff WiFi network

Cons

  • You won’t be able to see your WiFi network
  • You’ll need to manually type in your WiFi network name when you first join a device to it

8. Enable MAC address authentication

This option is suitable for people who are very security-conscious. The way it woks is by allowing (or denying) specific devices based on the unique identifier of the WiFi adaptor inside a device, known as the MAC address.

It means that even when the correct WiFi password/passphrase is used to join the WiFi network, it will only work if the individual device has specifically been granted access. This makes it very secure and provides additional protection if your WiFi password were ever to be stolen or given to someone who shouldn’t have it.

  • For home use, you could use this to keep your kids from playing online games on their PlayStation or Xbox
  • For business use, you could use this if you don’t trust your staff to use your WiFi appropriately. (Perhaps they bring their family to work and decide to give their family members the WiFi password!)

9. Disable Wi-Fi Protected Setup (WPS)

WPS was created to make the process of joining a WiFi network easier but, with many things in computer security; the easier it is, the less secure it is.

In the earlier days of WiFi routers, this was a much more relevant problem. Today, it’s more of an optional extra, but I personally still like to do it — especially on any router which has been supplied to you by your Internet Service Provider (ISP), as those tend to have the worst security.

Further reading: https://nakedsecurity.sophos.com/2014/09/02/using-wps-may-be-even-more-dangerous/

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top