3 Tips to Secure Your Home Network

Whether we like it or not, we have all become the network administrators of our own home networks. As such, our responsibilities extend beyond protecting our families to helping to be good stewards of the networks we’re connecting to (e.g., Work).

To help, here are a few tips that should help you create a safe environment for both you, your loved ones and your company.

1 – Establish a Separate Networks

Over the past 10 years I have spent a great deal of time working with consumers and business around the world helping them prevent and remediate hacks. More often than not, they missed one very simple principle in security – functional isolation.

This simply speaks to the idea of isolating environments to a specified function. In the world I come from, that was ensuring that you didn’t have a a server serving multiple functions (e.g., web server, DB server, File Server, Key Server, etc..).

The same rule applies to your home network. Without getting into the weeds, a very simple trick is to create a dedicated subnet for your use. A very easy way to do this is a purchase a second router, connect it to the one your Internet Service Provider (ISP) provided you and restrict access to that network.

Example of a Home Network with two subnets – one for work and one for the family

In addition to isolating traffic, it will have the added benefit of addressing some of the network saturation you experience if you have kids that love playing video games.

2. Configure the Router

These days I spend a lot of my time helping parents and organizations alike configure their networks through CleanBrowsing. In that process one thing has become apparent, the routers are rarely configured correctly.

A couple of things to consider when configuring your router:

  1. Check if they allow automatic updates. Let’s face it, you’re likely not going to keep up with it. At a minimum, subscribe to get notifications of updates.
  2. Disable the Wireless Protected Setup (WPS) and the Universal Plug and Play (UPnP) protocol. This is especially good if you live in close quarters to someone else (e.g., TownHouse, Apartments, etc..) or if you have kids. :)
  3. Enable the router firewall if it’s available, at a minimum leave the default settings. Only mess with the defaults if you know what you’re doing.
  4. For all that is holy, please update the basic log in credentials and save them in the password vault you’re using.
  5. DNS is a critical piece of the puzzle, learn how I use CleanBrowsing to provide a safe browsing experience at home and how DNS can be used to mitigate security threats.

3. Force Good Online Behavior

One of the biggest contributing factors to small businesses getting hacked is poor online behavior. I encourage you to pay special attention to how you interact online. Here are a few tips to help:

  1. Try to separate activities by browsers if possible. For instance, dedicate one browser to your social sites (e.g., Twitter, Instagram, Facebook, etc..), another for your work related sites, and try to restrict when you access financial institutions.
  2. It’s never a bad time to do an audit of your passwords, are they the same across all your sites (e.g., financial, social, company, etc..)? If so, might be good to invest in randomly generated passwords and password vaults (e.g., LastPass, Dashlane, 1Password) to help you remember them.
  3. Are you leveraging the Multi-Factor Authentication (MFA) features provided by the various platforms you interact with? If not, it would be good time to lean into that. My buddy Jesper has been writing an exceptional series on MFA I encourage you to read if you have time.

Be a Responsible Network Steward

We’re in unchartered waters these days, and each of us have a responsibility to help keep our networks safe from bad actors. This dramatic shift to Work From Home (WFH) has shattered the last form of network perimeter most corporations have been holding onto and we all need to do our part in helping to protect them.

In the process you might find yourself intrigued by what networks have to offer. :)

Leave a Comment