MACH37 Cybersecurity Guide: Securing Your Home Network and Staying Safe on Public Wi-Fi

Key Takeaways

  • You can secure your home network by configuring your routing device to include firewall capabilities, encryption, and a separate guest network.

  • While outside the home, you should avoid public Wi-Fi by using cellular service on your mobile phone or using a VPN.

  • While on the internet you should make sure to visit sites using HTTPS, avoid using your debit card, and consider add-on features to prevent malware downloads

This post will begin a series on how to be more cyber aware and cyber secure. In the first half of 2021, about 118 million individuals have been impacted by cybercrime and the losses to identity theft are forecasted to reach $721 billion. The truth is that everyone connected to the internet is a target of cybercrime and your personal cyber practices can prevent a large majority of attacks. 

Security decisions (sometimes) are a tradeoff with convenience. Your security / convenience preference is a personal choice. The important thing is to make that choice consciously. Some practices explained in this post should be used by everyone, but you do not need to implement everything mentioned in this blog. The idea of this post is to show you what can be done, and you can decide based on your desired security level what to implement.

In this blog, we will cover all things Wi-Fi: how to defend your home network, how to be safe on public Wi-Fi, and when to use a VPN. 

Home Network Recommendations

Take control

Your Internet Service Provider (ISP) may provide a modem/router as part of your service contract. To

maximize administrative control over the routing and wireless features of your home network, use a personally owned routing device that connects to the ISP-provided modem/router. This will allow you to better personalize your home security. For example, you can use modern router features to create a separate wireless network for guests. It is easy to create a separate network for your guests in your home and then provide them a passphrase, this limits the amount of people who know the password to your personal network. 

Use firewall capabilities

Ensure your personally-owned routing device supports basic firewall capabilities. Verify that it includes Network Address Translation (NAT) to prevent internal systems from being scanned at the network boundary. Wireless Access Points (WAPs)  generally do not provide these capabilities, so it may be necessary to purchase a router. If your ISP supports IPv6, ensure your router supports IPv6 firewall capabilities. A hardware router monitors all incoming and outgoing Internet traffic. Most wired and wireless routers sold today feature a firewall right out of the box that you can enable.

Implement WPA2 for encryption

If you are like most people, your home wireless router probably is running without any encryption whatsoever, and you are a sitting duck for someone to easily view your network traffic.To keep your wireless communication confidential, ensure your personal or ISP-provided WAP is using Wi-Fi Protected Access 2 (WPA2). 

WPA2 is a security method for wireless networks that provides stronger data protection and network access control. When configuring WPA2, use a strong passphrase of 20 characters or more. Note that some computers may not support WPA2 and require a software or hardware upgrade. 

Staying Safe Outside the Home

Many establishments, such as coffee shops, hotels, and airports, offer Wi-Fi networks for customers. Because the underlying infrastructure of these is unknown and security is often weak, these hotspots are susceptible to hacker activity. Public Wi-Fi is a hacker’s paradise for identity theft

If you have a need to access the Internet while away from home, avoid direct use of public Wi-Fi. If possible, use your mobile phone (that is, hotspot, 3G, 4G, or 5G services) to connect to the Internet instead of public hotspots. If public Wi-Fi must be used, then use a trusted virtual private network (VPN). This option can protect your connection from malicious activities and monitoring. A VPN creates an encrypted “tunnel” that encrypts the data you send and receive. 

Using a VPN is like any other software service: you shop around for a VPN provider, pick the one you like, then install their app from their website, and start using it. Here is a great blog for selecting and setting up a VPN.

Other best practices when connected to the Internet

Other ways to practice good cyber hygiene when connected to the Internet include:

  • Always looking for that padlock icon in your web browser. That padlock indicates a secure communication channel between the browser and the server on which the website is hosted. It signifies that the connection to the website is encrypted using HTTPS and has an SSL/TLS certificate. While it does not mean the site is safe to use, it does mean that the connection to the site is secure.

  • Avoid visiting unknown websites or downloading software from untrusted sources. These sites often host malware that will automatically install (often silently) and compromise your computer.

  • ISO recommends using Click-to-Play(link is external) or NoScript(link is external), browser add-on features that prevent the automatic download of plug-in content (e.g., Java, Flash) and scripts that can harbor malicious code. 

  • Avoid using debit cards online, use a credit card or online payment method like PayPal. A debit card doesn’t have the same legal protections that a credit card does. With a credit card, you are not responsible for unauthorized charges under federal law if your credit card number is stolen. If you don’t report a debit card stolen within 60 days, you face potential unlimited damage if someone uses your ATM or debit card without your permission.

  • Don't save payment information on websites. If that website is compromised, then your payment information will be as well. This is a classic security / convenience compromise.

Conclusion

Network defense begins at home with firewalls and encryption. Using your own routing device can allow you to customize your home security. Outside the home, try to use your mobile phone or a VPN instead of direct use of public Wi-Fi. In general, when using the Internet try to stay on trusted websites and be careful about which payment information you use. Your network is the first line of defense to prevent hackers from ever getting to your device.