
How to Design a Secure Home and Small Business Network

Chances are, you are using the router given to you by your internet service provider (ISP). Generally speaking, those routers provide a very basic level of security, if any. This article will take you through options to make your network more secure.


What you need to know about routers is this:

  • The router is the boss of the network.

  • All devices that see the internet must go through the router.

  • The router is the last and first device in your home that data travels through.

Terms like modem, switch, gateway, edge, Wi-Fi, and firewall all tend to be used interchangeably with router. They are not synonymous, but for the sake of this article we are sticking to router as our focus.


The principal goals in cybersecurity are to protect the network from outside threats and to control access by those inside the network. These goals cannot be achieved without a firewall. The ISP is in the business of providing internet. Security and web filtering are not their specialty, so they partner with other vendors to provide a convenient turnkey solution.


Whatever security you are getting from your ISP is provided by a third party, and that third party is the lowest bidder so that the bundled services have an attractive price tag.


Is that better than nothing? Maybe. Can we do better? Absolutely!


Since residential homes and small business networks are generally the same in design, I am writing this article to cover both the same way. One may have a “business internet” product while the other does not, but that generally means nothing other than what limitations are placed on the total amount of data allowed per month. From a security perspective it is all the same.


1 – Purchase a router from a reputable manufacturer. I am not going to write a review on routers. There are plenty of resources for that. But I will say on the consumer-grade level that TP-Link, Synology, and Netgear are longtime players in this area and have their user interface and access controls (i.e., parental control) well integrated. If you want help in specifically matching up the best router for your needs, then just send me a message for a brief consultation.


Barracuda and SonicWall have been my preferred routers for any network that is associated with running a small business.


2 – Segregate your network so that guests, smart appliances, physical security systems, and computers are not directly visible to each other. There is a strong case from a speed/performance standpoint to keep devices with specific functions grouped accordingly. But from a cybersecurity perspective it makes even more sense. If I am running a doctor’s office with patient data on tablets, laptops, and desktops and I offer guest access to my network, I had better be certain that the guest network is separated from my business network.


Same with running a home-based operation. Security cameras and door locks are harder to hack if they are kept apart from computers. Effectively, you are setting up the router to treat these groups as sub-groups and they are not allowed to see each other unless exceptions are created. You might need help setting this up, but it is absolutely worth it to minimize vulnerabilities.
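To make "not allowed to see each other unless exceptions are created" concrete, here is an added sketch (not from any router vendor and not part of the original article) that models the policy in Python. The subnets, the camera recorder address, and the single exception are constructed assumptions; substitute the groups you actually configure.

```python
import ipaddress
from itertools import combinations

# Constructed example segments; the subnets are illustrative assumptions.
SEGMENTS = {
    "business": ipaddress.ip_network("192.168.10.0/24"),  # laptops, desktops, tablets
    "iot":      ipaddress.ip_network("192.168.20.0/24"),  # cameras, door locks
    "guest":    ipaddress.ip_network("192.168.30.0/24"),  # visitor Wi-Fi
}

# Exceptions for NEW connections: (source segment, destination IP, protocol, port).
# Anything else that crosses a segment boundary is dropped.
EXCEPTIONS = {
    ("business", ipaddress.ip_address("192.168.20.5"), "tcp", 443),  # office PC -> camera recorder web UI
}

def segment_of(ip):
    """Return the segment name that contains ip, or None for an outside address."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def is_allowed(src, dst, proto, port):
    """Verdict for a new connection under default-deny between segments."""
    s, d = segment_of(src), segment_of(dst)
    if s is None:
        return False   # unsolicited inbound from the internet
    if d is None:
        return True    # outbound to the internet
    if s == d:
        return True    # same segment: switched locally, never reaches the router's rules
    return (s, ipaddress.ip_address(dst), proto, port) in EXCEPTIONS

def overlapping_segments():
    """Overlapping subnets silently merge two groups; report any such pairs."""
    return [(a, b) for (a, na), (b, nb) in combinations(SEGMENTS.items(), 2)
            if na.overlaps(nb)]

if __name__ == "__main__":
    flows = [  # constructed test flows
        ("192.168.30.7", "192.168.10.20", "tcp", 445),   # guest -> office file share
        ("192.168.10.20", "192.168.20.5", "tcp", 443),   # office PC -> camera recorder
        ("192.168.20.5", "192.168.10.20", "tcp", 443),   # camera -> office PC
    ]
    for f in flows:
        print(f, "ALLOW" if is_allowed(*f) else "DROP")
    print("overlaps:", overlapping_segments())
```

Note that the exception is one-way: the office PC may open a connection to the recorder, but a compromised camera still cannot open one toward the office PC.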


3 – Install multiple wireless access points or a mesh network. If you are using security cameras, motion sensors, or lighting that requires your home internet, then robust wireless coverage is essential. Now, you really should have those devices wired, but if there is no option then invest in the best wireless coverage possible with the latest encryption standard (WPA2 or WPA3).


There are apps that will show you a strength meter for your Wi-Fi. It is a reasonable DIY option. If you are looking for something more in-depth, we can run a heatmap on the floorplan of your facility or home.


4 – Change your router’s DNS to a secured DNS service. Like I mentioned above, ISPs are all about getting the commodity of the internet into your home. Security is an afterthought for them. Domain Name System (DNS) servers exist to reconcile a user-friendly name like CyberSecureTX.com with the site’s numeric IP address, 34.117.168.223.


Most DNS servers do not filter out bad stuff like pornography or torrents. Switching your router to use DNS servers that have options to filter the web will go a long way in protecting your users from accessing sites that will compromise your network. OpenDNS, Cloudflare, or Quad9 are a few of the options out there. Let us know if you need help selecting one and/or setting it up.


5 – Review best practices for using the internet and other forms of technology. I would be remiss if I did not mention my previous article, Your 2023 Cybersecurity Checklist. https://www.cybersecuretx.com/post/your-2023-cybersecurity-checklist


TLDR: ISP routers do not provide the best security against today’s threats. Invest in a router from a company that makes its livelihood from providing security products. Set the router to use a secure DNS provider and learn how to keep your network devices segregated. Extend your Wi-Fi to areas where cables cannot be used and set it to use the latest encryption protocols.


When in doubt, call upon us at contact@cybersecuretx.com.
