Secure your WIFI

Image of WIFI router's status lights

The basics to creating a secure home or small business WIFI network, you need to start by securing your Wi-Fi access point and or router (sometimes called a Wi-Fi router). This is the device that controls who and what can connect to your home network. Here are seven simple steps to securing your home Wi-Fi to create a far more secure home or small business network for you, your family, employees and clients.

Be aware that sometimes your internet service provider installs a very basic router with limited settings available to the consumer. In this case you might want to opt for installing your own more secure WIFI router that is attached to the router that they provide. A sample network layout is illustrated below.

Sample WIFI router topology

Focus on The Basics

Often the easiest way to connect to and configure your Wi-Fi device is while connected to your home network. Point your web browser to the specific IP address documented in your device’s manual (an example of this would be https://192.168.1.1 or https://10.1.10.0 or https://10.0.0.1 depending on your provider’s default setup), or use a utility or mobile app provided by your Wi-Fi device vendor.

  1. Change the Admin Password – Your Wi-Fi access point was most likely shipped with a default password for the administrator account that allows you to change the device configuration. Often these default passwords are publicly known, perhaps even posted on the Internet. Be sure to change the admin password to a unique, strong password, so only you have access to it. If your device allows it, change the admin username as well. It is a common tactic for scammers to drive slowly down a neighborhood looking for someone’s router that was left with the default password. From that point anything they do illegally will look to everyone else such as your service provider and authorities as coming out of a computer in your home.
  2. Create a Network Password – Configure your Wi-Fi network, so it has a unique, strong password as well (make sure it is different from your computer’s or device’s admin password). This way only people and devices you trust can join your home network. Consider using a password manager to select a strong password and to keep track of all of your passwords for you. We can provide a password generator that creates passwords as complex as you might need.
  3. Firmware Updates – Turn on automatic updating of your Wi-Fi access point’s operating system, often called firmware. This way you ensure your device is as secure as possible with the latest security options. If automatic updating is not an option on your Wi-Fi access point, periodically log into and check your device to see if any updates are available. If your device is no longer supported by the vendor, consider buying a new one that you can update to obtain the latest security features. See Step 7 after each firmware upgrade.
  4. Use a Guest Network – A guest network is a virtual separate network that your Wi-Fi access point can create. This means that your Wi-Fi access point actually has two networks. The primary network is the one that your trusted devices connect to, such as your computer, smartphone, or tablet devices. The guest network is what untrusted devices connect to, such as guests visiting your house or perhaps some of your personal smart home devices. When something connects to your guest network, it cannot see or communicate with any of your trusted personal devices connected to your primary network. In other words, your main WIFI account connects to all your computers, printers and the internet. The Guest account can only see the internet but nothing else in your network.
  5. Use Secure DNS Filtering – DNS is an internet-wide service that converts the names of websites into numeric addresses. It is what helps ensure your computer can connect to a website when you type in the website’s name. Wi-Fi access points typically use the default DNS server supplied by your internet service provider, but more secure alternatives are available for free from services such as OpenDNS, CloudFlare for Families, or Quad9 that can provide extra security by blocking malicious or other undesirable websites. Log into your Wi-Fi access point and change the DNS server address to a more secure alternative.
  6. Backup your Settings – Once you have completed all the settings on your WIFI router you need to remember to backup a copy of your configuration. Should your router fail and stop working when you replace it you wont have a need to reconfigure all the settings, you can just restore your settings backup.
  7. Check Attached Devices – If your WIFI router has the option to list “Attached Devices” take a look through the list and verify that you are aware of everything connected to your network. Ultimately, some routers have the option of allowing you to confirm each new device that connects.

Lastly while this part does not secure your network but your devices outside of your home or place of business, see if your WIFI router has the option of establishing a VPN (Virtual Private Network). This will make any WIFI communications on your cell phone or laptop travel inside an encrypted tunnel back to your WIFI router making it impossible for anyone to snoop on your device. If your router dose not provide the option you can consider using a third party provider for your VPN needs.

Securing your home or small business Wi-Fi access point is the first, and one of the most important, step in creating a secure network. For more information about securing your Wi-Fi access point, refer to the device’s manual, contact us or if your internet service provider provided your Wi-Fi device, contact them for more information on security features available to you.