Your home Wi-Fi network is a prime place for cyberthieves to gain access to your personal information. Many consumer routers are highly insecure, and few people take the time to lock down their settings and minimize risk.
Here’s everything you need to know and do to secure your Wi-Fi.
Customize your router’s admin settings
The first thing you should do when you set up a new network — or right now, if you haven’t already — is to change your router’s administrative credentials.
Most routers ship with factory-default passwords that are easily found online, which makes the router the first thing a hacker will try when looking to access and control your network. Once a bad actor is logged into your router, your Wi-Fi (and everything connected to it) is no longer secure.
Follow current password best practices, which boil down to making your credentials long and complex. And don’t use the same password for both your router administration and your actual Wi-Fi network login.
Security experts also recommend disabling remote administrative access to your router, which prevents hackers from controlling or changing your settings from the internet. They’d have to connect directly to the router via Ethernet or your Wi-Fi network.
Finally, you can and should change your network name, also called the Service Set Identifier (SSID), from the default to something more unique. Don’t use any identifiable information such as your apartment number or birthdate. Changing the SSID in itself won’t prevent hacks, but it will keep strangers from easily discovering who owns your network.
Stop giving out your Wi-Fi password
Your network password, which you use to connect your devices to Wi-Fi, should also be long, complex and different from your router login.
“This not only eliminates your provider from knowing your password, but also prevents that password from falling into the wrong hands should your internet provider suffer a breach or a repairman glances at your router,” says Pieter VanIperen, a software engineer, security expert and partner with PWV Consultants in New York.
Once you’ve updated your network-access credentials, restrict the number of people who have access. Instead of giving out the password to everyone who comes over, set up a separate guest network for them to use, if that’s allowed by your router. Some routers even have features that will disable guest networks after a set amount of time.
A guest network is also the best way to separate your less-secure Internet of Things (IoT) devices from the computers, phones and tablets used to access your bank accounts and other sensitive data on your primary Wi-Fi network. Smart speakers, smart TVs, smart light bulbs and other IoT devices are more susceptible to security compromises.
Enable router encryption
Your router likely came with Wi-Fi Protected Access-2 (WPA2) encryption, which you can and should enable. Encryption scrambles your traffic and prevents eavesdropping so that only authorized users have access. Some new routers may have the even-stronger WPA3 — a new standard announced in 2018.
If your router has only the older encryption standard called Wired Equivalent Privacy (WEP), then it’s well past time to buy a new router.
Of course, you should also keep your router’s firmware up-to-date. Not all routers do this automatically, and we have a guide to updating your router manually, but regular updates ensure that known security holes are patched.
Use antivirus, antimalware and a VPN
Virtual private networks (VPNs) encrypt your traffic and mask your location and IP address from both hackers lurking nearby and your internet service provider. A VPN offers you an extra level of protection on top of built-in router encryption if a bad actor is hanging out on your network.
Likewise, using the best antivirus software on all of your devices can also help secure your Wi-Fi network.
“When a Wi-Fi network is attacked, you don’t notice, but what is noticed is when the attack tries to reach devices on the network,” VanIperen says. “Not only will this protect you, this will help detect devices that should not be there that are probing.”
Don’t get lulled into a false sense of security
There are other small steps you can take to protect your Wi-Fi network, but many provide a sense of security rather than real protection. That doesn’t mean you can’t use them, but they should be in addition to rather than instead of.
These include hiding your SSID from new devices and enabling Media Access Control (MAC) address filtering, which prevents unauthorized devices from accessing your network — in theory. But in practice, MAC addresses are easily spoofed.
As VanIperen says, there are a lot of “useless” things people do.
“It’s all generally, nonsense, and either has no impact [or] makes no real difference,” he said. “Bottom line: Use a long secure Wi-Fi password and don’t let untrusted devices on it.”
Use good cyber hygiene
Of course, securing your Wi-Fi network alone won’t keep your devices and data safe if your behavior opens doors for hackers to walk through. Follow online best practices to protect yourself.
For example, don’t click on links in email messages or open files sent via email, especially if the messages are unsolicited or from unknown senders. Doing so can lead you to accidentally reveal personal data or introduce malware onto your system.
Don’t provide any sensitive information — such as your phone number, your credit card number or even your date of birth — to a website unless it’s absolutely necessary and without carefully vetting the site. Even well-known websites can be spoofed, allowing cyberthieves to trick you into trusting them and stealing your data.
Finally, boost the security on any device that has access to your Wi-Fi network. Password-protect your phone, tablet, and computer; keep apps and software up to date; utilize antivirus software and VPNs; and take extra precautions to secure your devices against hackers.