Here at JumpCloud, security is built into everything we do. In light of recent events, many of our customers and partners have been looking for guidance on how to maintain network security during a shift toward remote work. Here are six concrete steps for securing a home network that you can share with your employees, straight from one of our own security engineers, Philip Deuchler.
1. Own your router and modem instead of renting.
Whoever controls your router and modem controls your network. If you don’t own your router or modem, you’re giving someone else that control. Data from every internet-connected device in your home passes through your modem/router, and internet service providers (ISPs) have been known to sell data collected from their rented devices. And the benefits of buying your own modem/router go beyond security: you can usually make your money back within a year if you buy instead of rent.
Your ISP’s website should have a list of compatible modems. This page is also a good resource for researching router capabilities.
2. Keep your router up to date.
Most modem/router combos make updates easy via a web-based settings panel. Outdated router firmware is a major vector for attackers, especially if you combine that with an insecure internet-connected appliance (think smart home / internet-of-things products like Ring cameras, internet-connected Roombas, WiFi-enabled dryers, etc.).
You can update practically any router by visiting the router’s IP address in a web browser and logging into its admin console. You can almost always find the IP address and default credentials labeled on the bottom of the router. If you’re having trouble finding the default credentials, you can usually turn them up in a quick Google search. And if you’ve changed the credentials before and since forgotten them, you can do a hard reset and then use the default creds. Once you’re logged in, all you should have to do is find the router’s settings menu and click the update button.
3. Ensure your router admin credentials are secure.
If you can still log into your router’s settings with the default credentials, we recommend changing the password. Hard-to-guess passwords with 32 or more characters are ideal here. You can store this new password in a password manager like LastPass.
4. Ensure your WiFi network password is strong, and you’re using WPA2 security.
Your WiFi password should include numbers and letters, and be longer than 12 characters. You can combine multiple words or phrases to make a secure passphrase that’s possible to memorize. We also recommend using WPA2 security — this can be changed in your router’s admin console as described in step 2 above. At the minimum, standard WPA is necessary. WEP security, on the other hand, is extremely outdated and easy to crack with just a laptop and some off-the-shelf software.
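One way to generate credentials that meet steps 3 and 4, as an added example that is not part of the original post or any JumpCloud tooling. The function names and the short wordlist are constructed for illustration, and the 63-character upper bound comes from the WPA2-PSK passphrase format rather than from this article.

```python
import math
import secrets
import string

# Constructed sample wordlist so the block runs offline. With only 16 words each
# word adds 4 bits; use a large list (thousands of words) for real passphrases.
WORDS = ["copper", "lantern", "orbit", "maple", "quartz", "harbor", "velvet", "tundra",
         "saddle", "pepper", "glacier", "walnut", "beacon", "thistle", "anchor", "meadow"]

ADMIN_ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def router_admin_password(length=32):
    """Random password for the router admin console (step 3: 32+ characters)."""
    if length < 32:
        raise ValueError("step 3 recommends 32 or more characters")
    return "".join(secrets.choice(ADMIN_ALPHABET) for _ in range(length))


def wifi_passphrase(n_words=4, wordlist=WORDS):
    """Memorable multi-word passphrase with two digits appended (step 4)."""
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    digits = f"{secrets.randbelow(100):02d}"
    return "-".join(words) + "-" + digits


def passphrase_bits(n_words, wordlist=WORDS):
    """Entropy of wifi_passphrase(): the word picks plus two random digits."""
    return n_words * math.log2(len(wordlist)) + math.log2(100)


def wifi_problems(passphrase):
    """Check a WiFi passphrase against step 4 and the WPA2-PSK 8..63 ASCII limit."""
    problems = []
    if len(passphrase) <= 12:
        problems.append("not longer than 12 characters")
    if len(passphrase) > 63:
        problems.append("longer than the 63 characters WPA2-PSK accepts")
    if not any(c.isdigit() for c in passphrase):
        problems.append("no numbers")
    if not any(c.isalpha() for c in passphrase):
        problems.append("no letters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        problems.append("contains non-printable or non-ASCII characters")
    return problems


if __name__ == "__main__":
    print("router admin:", router_admin_password())
    print("wifi:", wifi_passphrase(), f"(~{passphrase_bits(4):.0f} bits with this sample list)")
```

The `secrets` module draws from the operating system's cryptographic random source, which is why it is used here instead of `random`.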
5. Remove unnecessary connected devices.
Do you really need that internet-connected toaster? And if you do, do you need it open to the outside internet? Probably not. Every connected device in your network is a potential vulnerability, and chances are, your WiFi-connected washing machine doesn’t get security updates as frequently as your MacBook®. You can reduce risk by reducing the number of connected devices on your home network. Alternatively, think about setting up a separate network for your IoT devices.
6. Consider periodically rotating your WiFi password.
WiFi passwords are like any other password: They’re only good as long as they’re secret. The longer you have the same password, the more people and devices have that password. It’s actually pretty painless to rotate your WiFi credentials, and getting in the habit can be very helpful to your WiFi security.
Additional Security Measures for Remote Work
Looking for additional steps to maximize security in the new era of remote work? One key measure is to use a unique, long, and complex password to log into your Mac or Windows device. On top of that, we recommend protecting your login process with the added layer of multi-factor authentication. And, to secure your data in the event your laptop is lost or stolen, it’s important to have full disk encryption enabled.
Learn how IT admins can implement these measures remotely across your entire organization using JumpCloud.