How to secure your home WiFi

Want to know how to protect the WiFi in your home or business? If you use these tips to secure your home WiFi from hackers, then you’ll be far ahead of most people.

1. Update your WiFi router firmware

Updating your WiFi router is critically important to having a safe WiFi network.

  • Every few years new WiFi exploits are discovered. In response, your router manufacturer releases new firmware to mitigate that exploit, but you need to install the firmware manually (some routers do this automatically)
  • This is not just about security, but about keeping up with changing technology. New firmware releases often introduce new features to increase compatibility with your other WiFi devices, and to make it work better in general.

2. Use strong WiFi encryption

Always use the most recent encryption standard.

Do use:

  • WPA2-Personal
    This applies to nearly everyone, including home and office.
  • WPA2-Enterprise
    This is for corporate WiFi, used in conjunction with a RADIUS server. (If you don’t know what this is, don’t use it.)

Don’t use:

  • WEP
    This officially became outdated in 2003, and is very easy to hack.
  • WPA
    This officially became outdated in 2006.

Further reading: https://www.howtogeek.com/167783/htg-explains-the-difference-between-wep-wpa-and-wpa2-wireless-encryption-and-why-it-matters/

3. Use a secure WPA2 passphrase

It may seem stupidly obvious, but don’t use a password which is easy to guess!

Good passwords:

  • Contains whole words + numbers + symbols
    Example: !213Harry!
    Example: Gr3g@rious99
  • Multiple random words
    Example: RadioPlumSpider
    Example: TownGrateThree

Not so good:

  • Single words
    Example: chocolate
    Example: Bernard
  • Your address
    Example: 32Bradford

4. Check for rogue Wi-Fi access points

If you ever browsed the nearby WiFi networks, you will have noticed one unfortunate thing: you don’t know who owns them. The only way you can guess is by looking at the name of the WiFi network, but you still have no idea whether it’s run by a hacker, or whether it was set up by someone for wholesome purposes.

If you have a laptop running Windows or an iPhone or Android, and you want to know which nearby WiFi network is safe to use, then it’ll be mostly guesswork as to which you can consider as “safe”.

A hacker can easily sit in a cafe with a laptop and create a WiFi network which you could be tricked into joining.

If you see any nearby WiFi networks which have the same or similar names to yours, then someone may have set up a rogue WiFi network to target you or your customers.

This technique which hackers use, is to make people mistake the rogue WiFi network for your WiFi network, and join it. Once you have joined the rogue WiFi network, hackers can do any number of things:

  • Access/hack your mobile phone, laptop or tablet, by injecting malicious code into the web request whenever you try to access a website (it’s quite easy to do this!)
  • Gain access to your mobile phone, laptop or tablet, by attacking any of the services running on them. Especially if you don’t have a firewall running.
  • Show you fake, cloned websites to trick you into entering your password details (Example: Your Internet banking site, Facebook, Gmail)
  • Monitor everything that you access

If you see any nearby WiFi networks which you suspect are malicious, then someone may have set up a rogue WiFi network and may be targetting you.

5. Create a separate guest WiFi network

If you suspect that someone’s computer may have a computer virus or you don’t trust them, then one way to circumvent that is to create a guest WiFi network. This will allow the suspected computer to access the Internet, but not the rest your home/office network.
It keeps your own computers safe from any viruses which other people’s computers may have.

6. Change the guest WiFi password regularly

If you do set up a guest WiFi network then you might want to change the password regularly. Why? Because, over time, you’ll lose track of who you’ve given the password to.
If you don’t know who even has access to your Internet connection, then you could end up with a very big problem!

7. Hide your WiFi network
(‘Broadcast SSID’)

This option is suitable for paranoid people. There could be legitimate reasons for wanting to hide your WiFi network, but most of the time, and for most people there is no need, because your WiFi network should already be set up with a strong, difficult-to-guess passphrase.

Pros

  • Amateur hackers won’t see your WiFi network (but real hackers still can)
  • Business owners can provide a more professional look & experience to their customers by hiding their own office, staff WiFi network

Cons

  • You won’t be able to see your WiFi network
  • You’ll need to type in your WiFi network name when you first join a device to it

8. Enable MAC address authentication

This option is suitable for people who are very security-conscious. The way it woks is by allowing (or denying) specific devices based on the unique identifier of the WiFi adaptor inside each device, known as the MAC address.

It means that even when the correct WiFi password/passphrase is used to join the WiFi network, it will only work if the individual device has specifically been granted access. This makes it very secure and provides additional protection if your WiFi password were ever to be stolen or given to someone who shouldn’t have it.

  • For home use, you could use this to keep your kids from playing online games on their PlayStation or Xbox
  • For business use, you could use this if you don’t trust your staff to use your WiFi appropriately. (Perhaps they bring their family to work and decide to give their family members the WiFi password!)

9. Disable Wi-Fi Protected Setup (WPS)

In the earlier days of WiFi routers, this was a much more relevant problem. Today, it’s more of an optional extra, but I personally still like to do it — especially on any router which has been supplied to you by your Internet Service Provider, as those tend to have bad security.


Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top