Default Passwords are a no-no
Don’t keep the default admin and password provided by your router manufacturer. These can be the same for every model and an attacker knows this, so it will be the first thing they try.
Change the administrative credentials from the defaults straight away. Your router's instruction manual should show you how to do this. If it doesn't, then just Google it.
Complexity is key, a good password includes:
A router's default SSID – Service Set Identifier – is the pre-set name of a wireless network that comes with the router, usually including the brand name and a series of numbers, like "Linksys-3486" or "BTHub4-1234", you can typically find it on a sticker on the router itself.
There’s two reasons for changing this. Firstly there’s a good chance your neighbours could have the same default SSID as you which could be confusing when new devices are connecting.
Secondly, having the default SSID on your router can be a security risk as it will more easily reveal the make and model of your router to potential hackers, allowing them to exploit known vulnerabilities associated with that specific device.
Choose your own with a longer name that includes both letters and numbers. Never include personal information like your name, address, date of birth, or passwords.
Almost all wireless routers come with an encryption feature. For some router, though, it is turned off by default. Turning on your wireless router’s encryption setting can help secure your network. Log in to router's administrator console. Change the encryption to WPA2 or WPA3. Set password.
WPA stands for Wi-Fi Protected Access, and it's a series of security protocols designed to safeguard your Wi-Fi traffic. When you connect to a Wi-Fi network and type in a password, WPA governs the "handshake" that takes place between your device and the router, and the encryption that protects your data. In a non-techy explanation it basically makes passwords much harder to crack and even if a hacker does figure out your password, it keeps your data safer.
WPA3 is the gold standard of encryption safety tools to safeguard your Wi-Fi traffic. Any new routers should be supported by this.
So, have you got WPA3?
You can check this by looking at the settings on a device that is using your home Wi-Fi. It will probably be under Wi-Fi properties. You’ll find your router’s ‘security type’ here and you’ll either see: WPA3, WPA2, WEP or WPA.
If you have WPA2, that's the previous standard and is still pretty decent, although not as advanced. But if you have WEP or WPA these are both outdated and you should consider replacing your router.
If you’re looking to buy a new router or connect to the internet with a new provider, see if you can get a Wi-Fi certified WPA3-ready router.
Your router allows anyone connected to a guest Wi-Fi network to use the internet, but keeps them contained and prevents them from accessing any other smart devices like printers, thermostats and secure doorbells. It works by offering a different sub-network from where the other devices live. This network has different internal software rules to determine what network traffic can get sent where.
Putting visitors on a guest network isn’t saying you don’t trust them, it’s about being sensible. If someone unintentionally invites bad things in whilst using your guest network, it will be contained and can’t spread to other areas of your home network. It’s essentially quarantined and isolated in your internet-only area.
This is why it’s ideal for kids too. Let’s be realistic, younger ones are more likely to accidentally download malicious software whilst browsing the web.
Lots of routers have a remote login option which allows you to configure your home network through a browser from anywhere in the world.
For most this feature isn’t actually necessary and it is also creating another access point for attack.
If possible, disable remote login for the router to prevent a hacker from remotely changing the settings. To do this, open your router’s web interface and look for: “Remote Access”, “Remote Administration” or “Remote Management” feature. There you can turn it to “Disabled”.
Manufacturers release firmware updates to address security vulnerabilities and improve performance. These include security patches to protect against new cyber threats and bug fixes.
Some routers give you automatic update alerts, but many need you to manually check for an update on your router’s manufacturer website.
Regularly check your router's manufacturer website or use the router's interface to look for and install available updates following the given instructions.
A “firewall” is designed to protect computers from malware, viruses, and other harmful intrusions. Wireless routers generally contain built-in firewalls but are sometimes sent with these turned off. Check that your router’s firewall is turned on by logging in to your router's administrative panel, navigating to the "Security" or "Firewall" settings section, where you should be able to see the current status of the firewall and toggle it on or off if necessary.
If your router doesn’t have such a firewall, make sure you install a good firewall solution on your system to guard against malicious access attempts on your wireless network.
Check which devices connect to your home network and make sure they have reliable security software installed against viruses, malware, spyware and ransomware protection.
Most will cost – around £3 a month mark – and the most popular are normally brands like McAfee, Norton and Avast.
A virtual private network, or VPN, is a virtual private network that creates a private and encrypted tunnel, to encrypt and convert the information sent and received from your device over Wi-Fi connections, into an unreadable and untraceable format. It helps ensure the data transmitted during those online sessions remains secure and private.
Your ISP won't be able to see your web traffic. Even the local network's operators won't be able to look into your activities. If you need to access websites inaccessible to you due to being in the wrong country, you can use a VPN to overcome that too.
To use a VPN you’ll need to choose from the many providers and download their app onto your device and sign in and connect. You’ll probably have to pay for a decent VPN, these can cost between £2 and £15 a month.
If you’re worried that your current router is too old and might be causing a security risk – get a new one!
Speak to your broadband provider to see if you’re due or can get a free upgrade. If you have to pay for it, make sure you get a router with WP3 security, Wi-Fi 6 enabled and built-in security tools.
You’re not limited to your provider for a new router either. Most providers will allow you to use a third party router instead of the free one. Just check its compatible before purchasing.
