1. Use WPA2 or WPA3 but not WEP encryption
WPA2 has become the industry standard. If you access your router settings you’ll likely see 4 options: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), version 2 (WPA2), and version 3 (WPA3). As the oldest, WEP encryption is somewhat out of date. WPA2 is the industry standard. WPA3 covers up some security gaps in WPA2.
2. Disable WPS, uPnP, and NAT-PMP
WPS stands for Wi-Fi Protected set-up. It’s essentially administrative access for your router. Someone simply needs to look at some settings on your router. With a snapshot of the numbers on your router, they have a free pass to your wi-fi network. This essentially lets them bypass any password you set up and get right onto your network. If possible, avoid routers that support WPS as they can be a beacon to enterprising hackers.
UPnP and Nat-PMP are essentially the same things. UPnP, or Universal Plug-n-Play, was developed by Microsoft and Nat-PMP, or NAT Port Mapping Protocol, was developed by Apple. These essentially allow for universal plug-n-play, which gives devices access to your Wi-Fi network. This setting gives devices a free pass to your network. The problem is that these devices can be hacked. Even light bulbs can be hacked. These three settings all give access to your network and while they can make setting up a new device easier, it also makes hacking you much easier too.
3. Disable WAN Administrator Access
WAN stands for Wide Area Network (WAN). WAN Admin settings can allow for remote management or for a remote admin. This allows someone to remotely access your router. This is another opportunity for someone to find their way onto your router and potentially make changes to lock you out. The more control you have over your router the better. After all, you don’t need some disgruntled Time Warner employee stealing your identity because of a simple setting.
4. Change SSID Name
This is a general part of the router setup. You’ll want to give your router a name. But it’s best to try and keep it from being easily identified as you. Avoid using your name, address, the router brand, and of course the system default. You’ll also want to avoid anything too provocative like listing the FBI, NSA, or something that might make you a target. We can often ignore Wi-Fi networks in our rush to connect to the Internet. But cybercriminals get off on combing the net looking to start trouble or scam some cash. The lower profile and harder to crack your network name, the better.
5. Change the Default WiFi Password
Your Internet technician will likely not want to take the extra few minutes to help you change this. But some Wi-Fi passwords are defaults that are way too easily found out. If you leave your router with the default password it’s more likely someone can find the password and get onto your network vs. it remaining completely safe. Over time, this information can find its way online, on the dark web, or become part of a breach. You might not even know that you were hacked. In 2020, a hacker leaked passwords for more than 500,000 servers, routers, and IoT devices.
6. Make Admin Password Different than the WiFi Password
Password safety 101 is to never use the same password twice. In general, you don’t want an account with admin access to have the same password as what you use for general use. This can be accounts on your computer, log-ins for your business, and even your Wi-Fi. Since you may end up deep diving to be able to change all of these, be sure to figure out how to ensure that the administrator password is different from your standard network password. You wouldn’t want everyone who uses your Internet to be able to change vital privacy settings.
7. Configure a Guest Network
If this setting is an option, it can be a security game-changer. By configuring a guest network you ensure that only you know your Wi-Fi password. You can create a guest network or login that’s strictly for strangers. You can also use this for setting up devices and anything you think might put your network at risk. Restricting who has your password is a major part of Wi-Fi safety. It may not seem so when you share it with house guests and friends, but that information can be used to get onto your network. With the popularity of IoT devices, you may want to have them on their own guest network to keep security gaps from putting our network at risk.
8. Enable Automatic Firmware Updates
Ensure you’ve enabled automatic updates on your router’s firmware. If not, you might miss valuable security patches and other protective updates. If you can not set this to automatically update, you should check for updates monthly. When you do update, be sure you double-check all the settings each and every time you install a firmware update. They may default to changing for less aware users but those changes can up your risk factor.
We all need the Internet. Setting up your router can be the first of a long list of things when you move or start a new business. That stress can keep you from important changes that you should change to have the most secure network you can. Thinking defaults are fine or listening to a harried technician can make you vulnerable to all the cybercriminals, lurkers, and hackers who are hoping you opt for the default settings.