Have you ever heard the saying “Safety starts at home”?\n\nIt’s true, especially in the context of the Internet. For the bad guys, no target is too small as long as data is concerned. This was certainly the case in April 2018 when it was reported that [Russian hackers targeted home routers](https://www.zdnet.com/article/russian-hackers-are-attacking-home-routers-isps-and-business-firewalls-to-spy-and-steal-data-warns/).\n\nOnce a hacker gets access to an unprotected home network, they’re pretty much free to do what they want. Malware campaigns, data and identity theft, and botnets are just a few of the possible ways a hacker can exploit a vulnerable home network. This is why setting up a secure home network is a must.\n\nBut, without the necessary know-how, safeguarding your home network can seem like quite a complicated task — especially if you aren’t tech savvy.\n\nDon’t fret.\n\nIn this post, I give some helpful tips on how you can set up a secure home network — even if you’re a tech novice. Now, while there’s no way to be 100% secure, you can, at least, make yourself a harder target.\n\n**Secure your Wifi and Router**\n\nThe first thing you have to do is change your SSID (Service Set Identifier). This makes it harder for hackers to identify what type of router you have, thereby, preventing them from exploiting known vulnerabilities. Your network name shouldn’t disclose any personal information as [even a little can be used in identity theft](https://heimdalsecurity.com/blog/true-story-what-i-found-out-about-a-person-after-having-found-travel-card/). Also, don’t challenge hackers by naming your network something like “Unhackable” or “Can’t hack this”.\n\nNext, change your default admin credentials. Routers usually come with weak usernames and passwords by default. If a hacker determines what router you have, they can look for its default credentials by going to sites like [RouterPasswords](http://www.routerpasswords.com/) and [DefaultPassword](http://defaultpasswords.in/). Use strong passwords that are both long (16–20 characters) and complicated. You could always perform a master reset if you ever forget your password. You may want to use a password manager app to help you formulate and keep your strong password.\n\nMake sure to turn on WPA2 encryption with AES (Advanced Encryption Standard), if possible. TKIP (Temporary Key Integrity Protocol) is better than nothing but AES is always be preferable. WPA2 AES is currently the most secure encryption standard available (despite its weakness to [KRACK attacks](https://www.krackattacks.com/)) until WPA3 becomes widely available.\n\nYou should then Disable WPS (Wifi Protected Setup) and UPNP (Universal Plug and Play) features. WPS makes adding new devices to the network easier by simply pressing the WPS button on the router and then pressing the WPS button on the device. This can, however, be used by unauthorized persons to gain access to your router, hence, the need to disable it. UPNP lets devices on the network discover newly-connected devices and it comes with its own set of [security dangers](https://www.csoonline.com/article/2641466/security/the-danger-of-upnp-routers.html).\n\nYou may also want to disable remote access to your router’s admin panel. While accessing this admin panel isn’t itself a problem, doing so wirelessly can be. This is because the login credentials you send through the air may be intercepted by hackers. Disabling remote access prevents hackers from accessing your admin panel even if they were somehow able to break in wirelessly.\n\nWhen it comes to hardware, having a Network Firewall is always a good idea. Hardware firewalls add an extra layer of security by blocking incoming data which it deems unsafe. Your router may already come with a built-in firewall so all you have to do is make sure it’s enabled.\n\nNow, you may have already heard this a hundred times before but, you should remember to regularly update your software — especially your router firmware. Older firmware will have vulnerabilities which hackers can exploit. Also, you might miss important security features available only on the updated version. Firmware updates are usually rare so make sure to regularly check the manufacturer’s website for the latest version.\n\nIf your router has a guest feature, make sure to have your visitors use it. A guest network lets visitors access your Internet connection without providing them your Wifi password while also limiting accessible network information. You can set this guest network feature to turn off after a set amount of time which makes it quite handy. It also protects your local network from network worms when an infected device is plugged in. Additionally, you can [connect your IoT devices to a separate guest network](https://dazeend.org/2017/03/segregating-iot-devices-on-an-isolated-network/) to protect your more important main network.\n\nOnce you’ve done all of the above changes, you may want to place or transfer your router at the center of your home or as close to the center as possible. This ensures an equal wireless signal range around your home. More importantly, it makes your signal harder to find from far away.\n\nWhile talking about signal range, you may want to switch to using 5 GHz instead of 2.4 GHz if you live in a single room apartment. 5 GHz frequencies have a smaller range and don’t penetrate solid objects too well. This makes it perfect if you’re trying to make your home network as isolated as possible.\n\nFinally, don’t forget to turn off your wireless home network and Ethernet-connected devices whenever you plan to be away for extended periods of time. Doing this prevents hackers from finding your home network while you’re away and prevents damage via power surges — it may even reduce your utility bills a bit.\n\n**Essential security tools for your computer and IoT devices**\n\nFirstly, you’ll need a firewall software on your computer and mobile devices. While your router’s built-in firewall usually does a good job of blocking incoming connections, it usually has a hard time deciphering outgoing traffic. This is where firewall software comes in. By deciphering which programs should be allowed to go out, it helps prevent botnets, trojans, and other malware from phoning home.\n\nThe great thing about firewall software is that they often come built into the best antivirus software already. Just make sure to do a little research on any antivirus software you find as it may be [rogue security software](https://en.wikipedia.org/wiki/List_of_rogue_security_software). Make sure to only install software that experts trust. You can check out the top [antivirus software reviewed by CSO Online](https://www.csoonline.com/article/3215866/endpoint-protection/best-antivirus-software-14-top-tools.html).\n\nAntivirus and firewall aside, you’ll also need a VPN (Virtual Private Network). A VPN adds not just one but two layers of security to your online connection. It does this by adding another layer of encryption (on top of the AES encryption provided by your router’s WPA2 AES) as well as replacing or hiding your true IP address.\n\nThe great thing about VPNs is that installing one on your router effectively protects all the IoT devices on your home network. However, it should be noted that while a VPN is important for your home devices, it is doubly so for your mobile devices which you use to connect to [risky public Wifi](https://www.cnbc.com/2016/06/28/most-people-unaware-of-the-risks-of-using-public-wi-fi.html). The thing is not all VPNs are safe. Some free VPNs, like popular Chrome extension [Hola](https://www.theverge.com/2015/5/29/8685251/hola-vpn-botnet-selling-users-bandwidth), have been known to sell users’ bandwidth and/or data. Instead, check out these [safe Android VPNs](https://thebestvpn.com/best-vpns-android/) to keep your mobile devices safe.\n\n**Final thoughts**\n\nBy following the tips in this article, you’ve just set up a secure home network. While the tips I gave may help prevent some attacks, they sadly can’t defend against attacks, like phishing or social engineering, that target you specifically.