The good news: The actual for-real Apocalypsageddon is not actually upon us yet. The bad news: You may already be under attack from malicious actors without even realizing it! If you use the internet at home or on a mobile device, or have devices on a home network — and who doesn’t? — then chances are you have been or will be a target of hackers or scammers. Here are a few basic cyber security tips to help you stay protected.
Most home users are connected to the internet via a broadband modem/router, either with its own Wi-Fi capabilities, or with an external Wi-Fi router connected. This is the first threat vector in your home network, so never use the default password! Reduce your vulnerability by choosing a strong but memorable passphrase, 15 or more characters in length, for the router administration functionality. You should also update your router’s firmware — manufacturers regularly release updates to address newly discovered vulnerabilities, but if you’re not up-to-date, then you are by definition potentially vulnerable.
If your broadband modem includes Wi-Fi capabilities, or you have a separate Wi-Fi router, you’ll also want to take steps to protect your wireless data. While WEP, WPA, WPA2, and even the latest WPA3 protocol have all been shown to be crackable in specific circumstances, WPA2 Wi-Fi encryption is more commonly supported by devices, and is probably sufficient for most situations. Most sensitive internet traffic is sent via HTTPS, so it will be encrypted even in the extreme scenario of someone being able to eavesdrop after exploiting your router.
Adding a VPN – a virtual private network that protects your data over public networks, or even your private home network – can offer another layer of security. Consider an alternative DNS to protect your family from malware as well.
Many Wi-Fi routers incorporate guest network functionality, which provides a connection for visitors that is isolated from your private network, so you can share without over-sharing. With Amazon acquiring Eero and Ring, Google similarly acquiring Nest Wi-Fi and connected home devices, and most modern routers collecting user data and using it for marketing, with some even sharing or selling it to third parties, you may want to spend a moment thinking about what devices are on your network, what they’re doing with your data, and how much you trust those companies.
Internet of Compromised Things
If you are running IoT devices like 3D printers, smart appliances, or your own Raspberry Pi or other connected projects, consider creating a separate virtual LAN so that they are firewalled from your main computers, and limiting their port usage to the minimum required for their given application.
If the notion of these simple devices being a threat seems far-fetched, consider that not long ago, 3D printer owners around the world woke up one morning to discover that their printers had been compromised by a popular plugin, up to and including finding prints that they did not authorize on their machines. There were no reports of lasting damage, but the same exploit could have sent malicious commands, for example overheating beds and hot ends, and causing serious damage to devices and property.
Forget Your Passwords
Passwords are ubiquitous these days, and trying to remember them all can be an immense challenge. One way to solve this is by using the same password for everything, but this leaves you massively exposed, since a password cracked or obtained on one service (say, via recent Facebook or LinkedIn breaches) can then be used to access others. Instead, use a password manager such as Bitwarden or KeePassXC, which are open-source, and free for most users. Use your password manager to generate your passwords, so that you never even have to know them, let alone memorize them. For cases where your password manager can’t log in for you, choose a long, memorable passphrase, and avoid biometric logins, which can be used against you. Use multi-factor authentication everywhere it’s offered, and favor authenticator apps such as Duo over SMS whenever possible, since phone numbers can be spoofed or cloned.
Back It Up
It is a truism in life that it’s good to have a backup plan. But when it comes to the digital realm, you should absolutely have a plan for your backups. When possible, a 3-2-1 backup strategy will help mitigate data loss: that’s three copies of your data, two of which are local but on separate devices, and one copy off-site. You have the first copy of your data on your computer or other devices already, and can affordably add an external hard drive or thumb drive in order to keep a second, local copy. Your third copy should be offsite, to protect against local disaster, and could be as simple as syncing your files to Dropbox or another cloud provider. And critically, remember to check your backups! Many solutions can alert you when backups fail, but you should regularly simulate catastrophic failure to confirm that your backups would allow you to fully restore your data in the case of an actual event.
If this all sounds a bit scary, that’s because it is — there are many individuals and organizations with a vested interest in stealing your data, and unfortunately, defending against these attacks largely falls on the individual user. But by following a few simple best practices, you can dramatically reduce your attack surface, and help avoid Apocalypsageddon — of the digital kind at least!
This article appeared as “Cyber Prep” in Make: Volume 82. [Feature image credit: Adobe Stock – Jan Kelly]