If you work from home, the best cybersecurity protections may be inside a device you never think about: your home router. COVID-19 has made us all more aware of the need to protect our computers at home from online evil. But when was the last time you pointed your browser at your router? The little box that connects your PC and all the other devices in your home to the internet has an array security features that many people are unaware of. After speaking to Derek Manky, chief of security insights and global threat alliances at Fortinet’s FortiGuard Labs, I logged into my Verizon FIOS router for the first time in years and discovered there were no less than 18 devices connected to it, including TVs, printers, thermostats and a half dozen Amazon Echoes. Each is a potential security vulnerability. “If you look at your home router, you’ll be surprised what you find there,” Manky said. Security suites do a pretty good job of protecting against external threats, but the enemy is increasingly inside the network. “The most prominent threat we’re seeing right now is the Mirai botnet,” Manky explains. Fortinet defines that as “Linux malware that primarily targets IoT devices such as IP cameras and routers… [and] can mine cryptocurrencies, perform [distributed denial of service attacks], execute arbitrary commands, and scan the internet for other vulnerable devices to infect.” The last part of that statement is what should catch your attention in particular. Most routers used in home networks assume that everything connected to them can be trusted. By default, they allow each device to see – and possibly connect to – every other device. A compromised camera or thermostat could thus be used by an attacker to navigate to a PC and install malware or a keylogger that captures keystrokes. “Once attackers get command and control, they establish an active communication channel,” Manky says. “If you see your thermostat connecting to a bunch of weird servers, you should block it.” Zero trust begins at home Corporate IT departments apply sophisticated network segmentation controls to reduce this risk. Segmentation enables administrators to isolate sensitive devices into protected sandboxes that have their own policies. It’s part of zero trust security, an increasingly popular form of cyber protection that assumes that nothing and no one on the network can be trusted. Manky likens the scenario to physical home security. “Most people lock up their valuable assets to protect against someone breaking into their home, he says. “That’s segmentation and the same idea applies to cyberattacks. Segments make lateral movement much harder.” Most home routers don’t support segmentation, though. The capability is available in software from Fortinet and others but if you want to try it yourself, it will take some poking around. I spent the better part of an hour digging through my router’s menus and user manual and couldn’t find anything related to network segmentation. I did find a new service called Verizon Home Network Protection that tightens security at the device level but doesn’t appear to prevent them from seeing each other. Comcast’s advanced network settings offers similar functionality. In both cases, they are disabled by default, and you have to turn them on. Good router hygiene Even if your router doesn’t support segmentation, there a few basic measures Manky recommends that can improve protection. Enable guest mode, which sets up an alternative access point for untrusted devices and blocks them from seeing anything on the main network. Connect all your smart devices via guest mode and be sure to use a different password from guest access. Be sure your router uses WPA2 encryption. It’s better than the alternatives although not perfect by any means. If you upgrade to Wi-Fi 6, you can get the more recent WPA3. You did change your router password when you first plugged it in, right? Older routers, in particular, often came with default passwords that were published in the user guide or even no password at all. A Comparitech study last year found that about one in 16 home Wi-Fi routers can be accessed using the default administrator password. Check to be sure firmware is updated on all connected devices. While many automatically install the latest release, that may not be true of your thermostat or video doorbell. Check the manual. Consider wireless MAC authentication. The Media Access Control address is a string of numbers that looks like this: d0:4:b3:20:9f:5c. Every device has a unique MAC address, and most routers can be set to prohibit connections from any device whose address isn’t known. If you want to get super geeky, you can configure an old laptop as a router and install Snort, a highly regarded open-source intrusion prevention system. However, your existing router probably has enough features to protect against the vast majority of threats. If it doesn’t, time to buy a new one. Next, Read This: How to secure your home Wi-Fi network and router Top 10 Tips To Protect Your Home Wi-Fi Network How to Secure Your Wi-Fi Router and Protect Your Home Network How to Secure Your Home Network 10 Ultimate Tips for Wireless Security How to secure your router and home network Related content feature Microsoft's Patch Tuesday updates: Keeping up with the latest fixes Here's a look at the most recent Patch Tuesday release from Microsoft as well as a collection of recent updates so you can track what's changed. By Dan Muse Aug 16, 2024 5 mins Microsoft Microsoft Office Windows 10 opinion For August, Patch Tuesday means patch now Microsoft’s monthly update for August includes fixes for six — yes, six — zero-day flaws affecting Windows and Office. By Greg Lambert Aug 16, 2024 10 mins Microsoft Microsoft Office Windows Security opinion Germany’s BSI guns for better tech security Microsoft will need to become secure by design, but if you can't wait there's an alternative. By Jonny Evans Aug 16, 2024 5 mins Apple Windows Security news MIT delivers database containing 700+ risks associated with AI Called the AI Risk Repository, the goal, its creators say, is to provide an accessible and updatable overview of risk landscape. By Paul Barker Aug 15, 2024 1 min Generative AI Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe