5 Free and Simple Changes to Secure Your Home Router
If you’re like most people who run a business from home, you were probably the one to set up your router and Wi-Fi. You diligently set things up following the manufacturer’s instructions (you did read the manual, yes?). Well, since you’re reading this, I’m also going to assume that you are connected to the internet and things are running fine.
So why do anything more?
Because it is the minimum you can do and that is what everyone else does. The likelihood of you being hacked is then the same as for everyone else and those are not good odds. It’s just luck that you haven’t been hacked yet. Let me explain why.
Hackers aren’t searching for you, but they use systems to do this for them – very powerful ones – that can scan for thousands of vulnerabilities on thousands of home networks at a time. When those systems find one, then they alert the hacker – actually it is usually a team of hackers, but I digress. The point is that it’s only a matter of time before a vulnerability is noticed by someone who lives just to ruin your life.
Setting up your network according to the manufacturer’s recommendations was the bare minimum. It is an easily hackable minimum that makes you just as vulnerable as everyone else. What you want is to not be that easy target, so that those system scans bypass you and move on to easier suckers (like your competition).
What you want is to become less noticeable. That is something you can do by changing some simple settings with your router’s administration utility. So, let’s log in to your router and do just that. Wait, did you change the default password? No?
OK, so here are SIX Settings To Change To Secure Your Home/Business Router…
P.S. This article is not about a specific make or model of router and the images in this article are from several popular ones. However, it is possible that not all these options will be found on your home router, but they are fairly common features that most routers should have. If your router lacks most of these, I would also recommend an upgrade to a newer model, so that you do have greater security.
1. Change your passwords
The password that you first used to log into your router, the one that was set at the factory, is not secure. As a matter of fact, there are hacker lists you can search through online to find all the default passwords from all the router manufacturers. That is probably the first and most obvious thing those scanners will find.
So change your password. Pick something good. If you can’t think of something, look on that pack of twinkies on your desk, pick the longest ingredient and misspell it… very badly then add some numbers and funny characters to it. If you need a more systematic process, check out my article How to Create a Great Password.
While you’re changing the admin password, also take a look at your Wi-Fi passwords. I’m guessing they could use some more complexity too. Most routers have both 2.4GHz and 5GHz networks, so change them both… and use different passwords for each.
2. Hide your network name
Your Wi-Fi has a name, also called a Service Set Identifier or SSID. It’s what allows new devices to scan your wireless network and find it. It’s what shows up on your phone when you search for different networks to connect to.
Ever notice all those other networks that aren’t yours? Some below to your neighbors, and you probably notice others when you go to the mall. You may have tried to connect to some of them, and maybe you even got lucky, guessed your neighbor’s password, and got onto their Wi-Fi. See how easy that was?
Now imagine if a talented hacker found your network. Maybe you named your something tempting like “The One Ring” or “TPLinkAC1750” Yeah, you’re just asking for someone angry enough to come knocking on your door. It’s actually very common and it even as a name: “wardriving.” Yes, it sounds bad, and you don’t want to be “wardriven.”
The simple solution is to stop broadcasting your SSID name. Your router admin utility likely has a little checkbox or slider to turn that off. Do it right now. It won’t mean that your network won’t be accessible, it will just mean that to access it, you’ll need to type in the name.
Now you may have some devices that will have trouble with this or won’t allow you to enter a name, but if you do, then you should probably upgrade that device. Most modern devices from home thermostats to HT Receivers will allow you to enter the name. It’s a bit more work, but it is a quick and simple way to be less noticed.
Sure, hackers can also scan for hidden names, but that is a bit more difficult and time consuming. It also will indicate that you aren’t going to be welcoming them in, so they’ll likely move on to easier targets.
3. Upgrade your Firmware
What is firmware? It’s the latest patch for the software that runs your router. The most likely reason there’s an update for the firmware is that a vulnerability (i.e., a security hole) was found in the previous software version and it needs an update to patch the vulnerability.
You want to do this. Most routers will allow you to do this from within the management utility so it’s just a matter of a few clicks to check if there is a new version and then to install it. So do that right now.
A word of caution: updating firmware will likely require a re-start of the router which can take a few minutes. Since this is the way you connect to the internet, then it will temporarily disconnect you. That means that your Spotify music might stop, and your computer will be disconnected briefly, and if you’re reading this in a web browser right now, this page may freeze.
OK, but that is a small price to pay for the added security. If a hacker disconnected you from the internet, or worse, re-directed you to a black web site, you would be far more inconvenienced. So upgrade that firmware.
4. Configure your Firewall
Your router most likely has a firewall and you’ve enabled it, right? No? …OK, so this is going to be SEVEN Settings To Change To Secure Your Home/Business Router… In all seriousness, if your router has a built-in firewall (most do), then enable it.
The firewall is like a lock on your front door – every house needs one. Now let’s turn the locks on that front door... that is, let’s change some of the default settings on the firewall. Why have them if you’re not going to use them, right?
Under advanced settings, there is a feature called Web Management or Remote Management. This allows other people on the internet to remotely manage your router. You don’t want that. You don’t need that. It’s not safe and would be far to enticing to a hacker. So turn that off.
Another thing you should turn off is anything called “Cloud Sharing.” Anything with the word “cloud” in it should be suspect, but what this does is allow access to devices connected to your network from the outside. You may have a network share on one of your computers that is accessible from other computers. With Cloud Sharing, it’s now also accessible to the internet.
Some routers also allow you to connect a storage drive or a printer directly to the router. Cloud access would allow access to that device from the internet. Sure, you might think that a printer can’t do much harm. It can. Most modern printers actually have complete computers inside of them that can be controlled and manipulated from the outside – like copying whatever you print to another printer far away. You really don’t want that.
Did you know that the firewall is monitoring every connection to your network from the outside? Think of it as a smart lock on your front door that also knows when windows are open. Those other connections are called ports and over time, we leave some of them open. Sometimes applications open them for us. If you aren’t using that port, you need to close it, just as you would close that window.
Next, look for a setting called Port Forwarding. If there are any ports listed on that page, you should turn them off. Chances are, you didn’t even know they were open. So, close them – you probably don’t use them anyhow.
Finally, turn of Ping. What’s Ping? It’s a universal feature that allows you to see if something exists. So, if Ping is active on your router, scanners can use that to see if you’re there. Kind of like knocking on your door and listening if they can hear anything. It’s creepy, yes, so turn it off. Look for a setting that mentions the word “Ping” and turn it off.
All these settings should be under your firewall configuration, but they may hide under some other menu. Most router management utilities also have a search feature, so you can use that to search for the terms mentioned above (in italics).
5. Isolate untrustworthy people and devices
There will inevitably be devices on your network that you don’t trust. Your teen-aged kid’s friends, that work colleague who just needs to demo his new website, or that in-law that overstays his welcome every Thanksgiving. You also may have that off-brand music streamer that you don’t trust, but you really want to try out.
They will want access to your network, but you really don’t trust them. What do you do? Ideally, you need a separate network, completely isolated from yours, but that still gives them access to the internet. This is typically done with more advanced utilities like Virtual Local Area Networks or VLANS, but that is beyond the scope of this article.
Fortunately, most routers have a way to do this that is similar. It’s called a Guest Network. You should be able to enable this feature on your router as well. It will create a separate wireless network that is not connected to your network in any other way.
Most routers will leave this disabled by default, but if you need it, why not enable it? You could just use it temporarily for when you have a party, or you could leave it on for using those devices you don’t trust so much.
When you enable it, you might have additional security features such as hiding the SSID (see tip #2). If so, you should also enable that. Another option is to not allow the devices on the guest network to see each other. You should enable that too. There also may be a setting to set a time or bandwidth limit on each device in the guest network, or as in the picture above, how many guests are allowed. If this is for a party, ending access to the network after 2am, is probably a good idea.
Finally, you should rename the guest network so that it does not have the name “guest” in it. It shouldn’t have the name of the company that makes your router either. Most default guest networks use the name of manufacturer and the word guest. Change that.
You don’t want to give hackers any clues as to what they are connecting too. Guest networks are typically less secure because often people think that it’s just for guests, so it does not need to be. Gues networks also have certain parameters that are standardized that hackers know to look for. So don’t help hackers by making anything easier for them.
Conclusion
These are very basic things you can do to secure your router. There is far more that can be done, of course, but these are free, and they are fairly simple to implement. More importantly they are rarely implemented.
Almost all the small businesses that I’ve worked with or who’s owners I have met neglected some or all these simple settings. This is not a critique; small business owners are busy, and security can drop to the bottom of the list of things to do. I get it.
That’s why I wrote this article. In the time it took you to read this, you should be able to implement every step here. As a matter of fact, use it as a step-by-step guide. So, sit down at a computer on your network, log into your firewall and change these settings.
Network security is one area where you don’t want your business to stand out. Keep your outreach for your website and social media accounts – those companies have their own security measures. For your home business network, you want hackers pass your network by.
