Secure Your Internet Connection Against Hackers

 Key Takeaways About Internet Connection Security

• Do the basics first: update router firmware, enable WPA3, change default login credentials, and enable automatic updates. 
• Use multi-factor authentication (MFA): MFA blocks the vast majority of automated attacks. 
• Use secure passwords and password managers: unique, long passwords can defend against brute-force attacks and reuse risks . 
• Use a trusted Virtual Private Network (VPN) — especially on public Wi-Fi. 
• Back up and prepare for attacks: offline and/or cloud backups with tested recovery allow you to bounce back from attacks.

On average, a U.S. home has over 20 connected devices. That’s a lot of convenience, but it’s also 10 different doors that you need to lock. 

Hacking causes a lot of problems, but you can follow seven simple steps to lower your risk.

Who Is at Risk and What Do Hackers Want? 

In short, anyone with an internet connection is at risk. Everyone has something worth stealing, and that’s why hacking exists.  

What exactly are hackers after? It varies, but these are the most common targets: 

• Passwords 
• Credit cards 
• SSNs 
• Medical data 
• Access tokens 

One of the leading examples of hacking attacks is the dreaded ransomware attack. A hacker compromises a system and encrypts all of the files.  The attacker promises to unlock your data if you pay the ransom. 

As scary as it can feel, good habits negate the biggest risks. According to IBM, 95% of cybersecurity breaches stem directly from human error. Learn and implement good practices, and you’ll be in much better shape.

The Seven Steps to Security

Internet security is complex, but this checklist can get you off to a strong, easy start. 

1. Change your router admin password. 
2. Enable automatic updates for all of your devices. 
3. Enable WPA3. 
4. Create unique passwords and use a password manager. 
5. Enable MFA. 
6. Run security scans on your devices.
7. Set up backups.

How to Secure Your Wi-Fi

What Is WPA and How Does It Protect My Wi-Fi?

WPA stands for Wi-Fi Protected Access. It's a security certification program developed by the WiFi-Alliance in the 2000s. It creates security standards for Wi-Fi, and over the decades, three versions have been released: WPA, WPA2, and WPA3. 

Should I Use WPA3 or WPA2?

Whenever possible, use WPA3 over WPA2. WPA3 is newer and more secure. It offers stronger encryption, secure data transfers, and better defense against offline brute force attacks. In fact, the difference is so stark that major tech companies, like Apple, strongly recommend switching to WPA3. 

Some older devices will not support the newest security methods. In those cases, you will need to use WPA2.

For the most part, any device that can use Wi-Fi 6 can also use WPA3. 

How Can I Secure My Router?

Secure your router admin account by changing the username and password from the defaults. These are set by manufacturers, so hackers can access admin accounts with relatively little research. 

Unique and strong passwords are a powerful first line of defense. 

You can also change the SSID. This shields your network from attacks that would target you personally. Because of that, you want to avoid putting any personal information into the SSID. Make it difficult to guess, and you can also hide it. With these techniques, a hacker would have to already know the SSID before they could attack it directly.

Why Are Firmware Updates and Automatic Updates Important for Cybersecurity?

Sometimes, it feels like tech experts are constantly screaming at the masses to keep up with updates, and there are reasons for that. When major vulnerabilities or exploits are found, software engineers create updates to solve those problems. Firmware updates target hardware, like your modem, router, or gateway. Automatic updates target software like operating systems and apps.

How do you do this for your router?

1. Enter the IP address for your router (often on a sticker on the device itself) into a browser connected to your network. 
2. Log into the control page with your admin credentials 
3. Look through the settings to check for updates. If possible, toggle to enable automatic updates 

You may also be able to do all of this from an app designed for your router. If so, the process is similar, but you can do everything from the app without the need for an IP address.

How Do You Update Software?

Software updates will depend on the device. Let's start with Windows devices: 

1. Open the Windows menu and type "update" in the search bar. Click on "Windows Update Settings." 
2. Enable "Get the latest updates as soon as they're available." 
3. You can manually check for updates by clicking "Check for updates." 

On an Apple device, follow these steps:

1. Go to the settings app. 
2. Tap on "General." 
3. Tap on "Software Update." 
4. Ensure that "Automatic Updates" is set to on. 

On an Android device, use these steps:

1. Open the Google Play Store. 
2. Navigate to "Settings." 
3. Choose "Network preferences." 
4. Select "Auto-update apps." 
5. Choose whether you prfer to update over any network or only on Wi-Fi. 

Guest Networks and Device Segmentation

Modern routers allow you to set up multiple Wi-Fi networks from a single device. Most have an option for a guest network. This is a completely separate network that you can use for people who visit. 

Because the network is separate, if the guest network is hacked, it does not mean that your personal network is also hacked. This especially matters with guest devices because visitors might bring a compromised device or bad security hygiene with them when they use the guest network. This “segmentation” isolates any of those risks to the separated network.

You can also segment networks for your own devices. Any IoT (Internet of Things) devices (e.g., smart home devices) should go on a separate network from the personal devices you use all the time. Your phone, laptop, etc., use one network while automated smart devices use their own. Again, a single router typically allows you to set up these separate networks.

How Can I Protect My Passwords from Brute-Force Attacks?

Make your passwords longer. It’s simple math. The longer your password is, the harder it is to crack. 

With modern hardware, a seven-character password can be cracked in a few seconds. Meanwhile, an 18-character password will take 6 days of nonstop processing to crack. 

Complexity also matters. That six-day number assumes the password only uses numbers. Take that same 18-character password length and add a mix of upper and lowercase letters, symbols, and numbers, and the time to crack it explodes to roughly 26 trillion years. 

Long, complex passwords are secure, but they can be difficult to remember. Solve this with a password manager. Be sure that the master password for your manager utilizes length and complexity. Use phrases instead of words to make it easier to remember.

What Is Multi-factor authentication (MFA) and Why Does It Matter?

What Is MFA?

Multi-factor authentication is a security process that requires extra steps for any log-in attempt. Without MFA, you can log in just using a username and a password. With MFA, you might also have to get a security code from an email, text message, or authenticator. 

Does MFA Really Work?

Yes. Each factor you add to MFA adds complexity and reduces the risk of compromise. The majority of automated attacks cannot get through standard MFA practices. 

Nearly 99.22% of compromises are prevented by MFA, according to a Microsoft study 

Use MFA on your most important accounts. Start with accounts you use to access other accounts, like your email or social media (especially if you use single sign-on with these accounts). 

Also implement MFA with password managers and anything money-related, like bank accounts, money-sharing apps, and shopping apps. 

Lastly, token-based authentication is better than SMS or email codes when available. This includes authenticating apps or hardware security keys (like a security flash drive). 

What Are VPNs and Why Should You Use Them?

What Is a Virtual Private Network (VPN)?

A VPN creates an extra step in internet trafficking and routing that helps protect you from prying eyes and attackers. You use a service, and that service routes all your internet traffic through a physical server somewhere else in the world. 

That server encrypts information between you and your internet traffic. It also masks your IP address from any destination you visit on the internet. It adds a layer of security that makes hacking that much harder.

When Should You Use a VPN?

Always use a VPN whenever you are on public Wi-Fi or traveling. When you can’t control Wi-Fi security, the risks go up, and your VPN can help minimize those risks. 

You can also use a VPN at home for a little more security. Especially if you don’t want your web behaviors tracked, a VPN helps. 

Choose a reputable provider. Plenty of VPNs have been known to leak data, and free VPNs often get a little cheap with how well they protect you. There are plenty of good options and this guide can help you find one. 

What Is SSL and TLS?

SSL stands for “secure socket layer,” and it was the standard in website encryption and security for many years. Then, people found exploits and ways to crack it. 

The modern, updated replacement is TLS (Transport Layer Security). SSL was the standard for so long that many people refer to modern, secure TLS as “SSL” out of habit, but all websites should be using TLS for security these days. 

If you run or own a website, you want TLS 1.2+ at a minimum. TLS 1.3 is even better when possible. You should also check your security certificates and ensure that HSTS is enabled. 

For internet users, things are simpler. Look for HTTPS and a valid padlock icon next to the website address in your browser if you’re doing anything that you want to keep secure, especially for any online transactions.

Firewalls, Antivirus, and Endpoint Protection

Firewalls help prevent unwanted access to networks and devices. You can install them with each device. You can also install them with your router to protect the whole network.

In short, do both. More security layers are usually better, and doubling your firewall protection should not impact internet performance. 

As for antivirus and endpoint protection, lightweight options for personal devices go a long way. 

What is lightweight protection? It's security software that doesn't use as many resources and slows down your devices. Many free security suites operate as lightweights. 

Most devices come with protection built into them (like Windows Defender). Simply allow them to work, and you should be in good shape. If you want a little extra protection, find a lightweight app from a reputable company. 

Mobile Device Hygiene Checklist

• Don’t auto-join public Wi-Fi networks 
• Only install apps from official stores 
• Enable device find and remote wipe 
• Enable your lock screen 
• Use a pin and/or biometric device locks 

IoT Device Security Checklist

• Change the default credentials 
• Update firmware 
• Put IoT devices on a separate network 
• Remove unused devices 

Backups and Ransomware Preparation

Hacks, ransomware, and data loss can all be mitigated with good backups. Follow the 3-2-1 rule for backups, and you’ll be in good shape. 

Three

You should have at least three copies of any important data (additional copies yield diminishing returns). You want the original copy that you readily use — typically on a personal device, and two additional backups. 

Two

You want your backups on at least two different types of media. Most commonly, you can use your personal device and cloud storage. 

One

At least one backup should be kept off-site. This way a disaster at your normal location will not impact all of your backups. A cloud backup meets this criteria, but a flash drive kept at another location would also count. 

With those backups, make sure you regularly schedule to create or update them, and routinely test restores. If you encrypt your data, make sure you have a recovery playbook to decrypt your backups when you need them. 

How to Tell If You’ve Been Hacked

It’s not always easy to recognize hacking attacks, but a handful of signs can provide an indication: 

• Sudden slow bandwidth (that your ISP can’t explain) 
• Unexpected password changes 
• Unknown logins and login alerts 
• Antivirus alerts 
• Ransomware notes 

If you think you’ve been hacked, you can take productive action. Follow these steps to mitigate the problem: 

1. Isolate the device. Whatever device might be compromised, take it offline as soon as you can. 
2. Change passwords from a clean device. 
3. Call your bank if you’re worried about financial information. 
4. Involve the authorities if a crime has been committed. 
5. Restore from a backup if needed.

A Practical 30-day Security Plan

Good internet security seems like a lot to manage, but when you break it into smaller chunks, it gets easier. Try this rough timeline to get on top of your security. 

Week 1

Tackle the backbone of your internet. Secure your router by changing the default logins. Set up your password manager and enable MFA with all of your essential accounts. Get your backups online and make your first copies. 

Week 2

Make sure all of your devices are up to date and turn on automatic updates. Segment your IoT devices. Install a VPN, especially for travel devices. 

Week 3-4

Review app permissions on your devices. Run security scans and practice your recovery process.