It’s easy to forget about data breaches and compliance regulations at home. At work, we have policies and procedures to follow, particularly when there is sensitive data involved like medical records or financial information. But none of that matters in our personal lives.
Or does it? Our identities and personal data have plenty of value. So much so that every one of us is a target. This is why it is so important to develop a home security policy that mimics what most organizations have in place. And even though the suggestions that follow are more family oriented, every household stands to benefit from them. (Get your roommates involved!)
Seven Steps to Developing a Home Security Policy
Start with password compliance.
We’ll get the obvious one out of the way: weak, outdated passwords are your No. 1 vulnerability. Every device, every user, every account needs to have a strong, unique password. We recommend setting up a “password compliance” policy and enforcing it, just as government-controlled entities, such as banks and hospitals, have compliance standards they must follow.
For example, you could require that every member of your household implement two-factor authentication wherever possible. You could require passphrases instead of standard passwords. You could encourage the use of password managers, which store all of your logins across multiple devices.
Make no mistake, passwords have never been more important than they are right now in today’s cyber ecosystem. Failing to maintain them is failing to protect the information that matters the most.
Set up your router properly.
Part of your home security policy should include proper router setup and maintenance. And believe it or not, you don’t need to be a network guru. Most modern routers come with easy-to-use software designed to facilitate the needs of both standard and advanced users. Here’s a quick step-by-step guide to getting you started:
- Log in using your router’s IP address, which can be found by following these instructions, or simply googling the brand of your router. (If you don’t know the username or password, you will need to hard-reset the router.)
- Change the default admin username and password ASAP. Most new routers, or recently reset routers, have the username and password default to “admin”. Clearly, leaving it set to default is a major security fail. You can verify the login credentials of your router by going here.
- Change the SSID and password of your network. The SSID is the name of your network and will default to something basic determined by the manufacturer. Change it to something unique and protect it with a strong password.
- Choose the right encryption. When you set up your new SSID and password, you will likely see a few options for encryption. The one you want is WPA2 + AES. This is the most secure standard to date.
- Upgrade the firmware. Like all connected devices, your router will have occasional firmware upgrades. These upgrades often patch security holes. It’s a good idea to routinely log in and check for new updates.
Those are the five basic steps to router setup and maintenance. Once you get familiar with your router’s interface, you’ll see how easy it is to make changes as necessary. Also, you may read about certain features such as hiding your SSID or MAC filtering. Ignore these. They offer no additional security.
Use it or lose it.
Most routers will show you a live display of the devices currently connected to your network. If not, it’s a good exercise to go around your home and make a list. Take note of devices that aren’t being used or are rarely used. For example, if you don’t use your smart TV to access the internet, there’s no reason to leave it connected. Remember, with every connected device comes another attack surface for cybercriminals. Disconnect anything from your network that isn’t routinely used to access the internet.
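If your router lets you export its list of attached devices, a short script can do the "use it or lose it" review for you. The following is an added example, not part of the original article; the CSV layout, device names, and the 30-day threshold are assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample of a router "attached devices" export.
# Assumed columns: name, MAC address, last activity timestamp.
# Real routers format this differently; adapt parse_clients() to yours.
SAMPLE_CLIENTS = """\
name,mac,last_seen
laptop-anna,AA:BB:CC:00:00:01,2024-05-30T21:14:00
living-room-tv,AA:BB:CC:00:00:02,2024-03-02T19:40:00
game-console,AA:BB:CC:00:00:03,2024-05-12T16:05:00
old-tablet,AA:BB:CC:00:00:04,
phone-ben,AA:BB:CC:00:00:05,2024-05-31T08:02:00
"""

def parse_clients(text):
    """Parse the CSV export; a blank last_seen means no recorded activity."""
    clients = []
    for row in csv.DictReader(io.StringIO(text)):
        stamp = (row.get("last_seen") or "").strip()
        clients.append({
            "name": row["name"].strip(),
            "mac": row["mac"].strip().upper(),
            "last_seen": datetime.fromisoformat(stamp) if stamp else None,
        })
    return clients

def idle_devices(clients, now, max_idle_days=30):
    """Return (name, idle_days) for devices to consider disconnecting.

    idle_days is None when the router has no activity on record.
    """
    flagged = []
    for client in clients:
        if client["last_seen"] is None:
            flagged.append((client["name"], None))
            continue
        idle = (now - client["last_seen"]).days
        if idle > max_idle_days:
            flagged.append((client["name"], idle))
    # Devices with no recorded activity first, then longest idle first.
    return sorted(flagged, key=lambda f: (f[1] is not None, -(f[1] or 0)))

if __name__ == "__main__":
    review_date = datetime(2024, 6, 1)  # fixed date so the sample is repeatable
    for name, idle in idle_devices(parse_clients(SAMPLE_CLIENTS), review_date):
        status = "no activity on record" if idle is None else f"idle {idle} days"
        print(f"{name}: {status} - disconnect if no longer needed")
```

Anything the script flags is a candidate for removal from the network, not proof that the device is unused, so check with the household before disconnecting it.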
Speaking of losing it…
How often do you just throw away bank statements or other sensitive materials without shredding them? It may not seem that likely, but if someone were to dig through your trash (dumpster diving) they might be able to gather enough information about you to steal your identity. Invest in a shredder and destroy sensitive documents.
This applies to the proper disposal of devices as well. If you recycle an old computer, be sure to totally wipe all hard drives. Reset smart devices and game consoles to factory default before selling or throwing away. Anything that had access to your personal information needs to be properly wiped before it leaves your possession.
Implement strong social media regulations.
If you tweet about how much of a jerk your boss is, or post offensive content, chances are you won’t have a job for long and you’ll probably lose friends. Apply that thought process to your home social media policy. Lead by example and teach your kids what is and what isn’t okay to share. Keep in mind that what you tweet now could hurt you in the future. Less is more when it comes to sharing on social media.
We also need to take advantage of security features most platforms offer. If you have children, it’s especially important that you ensure all accounts are set to 100 percent private and warn of the dangers of random friend requests. Social media is great for communication and learning, but it’s also great for social engineers, cyberbullies, and scams of all shapes and sizes.
Monitor your network.
This one is a little trickier since the older our children get, the less receptive they’re going to be to us monitoring their internet activity. But, just like in most offices where certain websites are banned and certain devices aren’t allowed (in an effort to prevent data leaks), we need to ensure our families are safe.
Parental control software comes with features like per-user settings, content filtering, website filtering, and social network monitoring. The software is generally easy to set up and available on most devices. What’s not easy, as mentioned, is explaining to children why they are being monitored, especially those who have a strong curiosity for all things internet. For help on this subject, check out Part 1 and Part 2 of Parenting a Geek.
Develop an incident response plan.
Every organization needs an incident response plan, which details how to handle any sort of security incident. Every household should have one too. Whether it be reporting a friend request from a total stranger on Facebook, evidence of cyberbullying, or inappropriate content sent by a friend, we need our children to trust us enough to come forward with this information.
Incident response has two major benefits in the home: it demonstrates a trusting relationship between all parties, and it strengthens our resilience to future cyber-attacks by providing real-life examples of the dangers we all face online. The key word, of course, is trust. We have to start early so our children trust us enough to report anything that could be a threat, and in return, we need to trust them enough by giving them the appropriate amount of freedom.
Trust is an important part of any family security discussion and should be part of your family security policy.
Obviously, these are general suggestions. Not every policy will work for every home, just like there is no one-size-fits-all for organizations. Analyze your situation and do what’s best for your household. Your home security policy will likely evolve over time; it’s just a matter of getting one started!
Also, schedule downtime. It’s easier said than done, but it’s important to turn off all those screens and spend time together without the distractions of the internet. We recognize that with so much going digital (everything from school assignments to practice schedules), it’s almost impossible to totally disconnect. But a few hours a week goes a long way to reconnecting as a family (and friends!). This may not fall under the traditional “cybersecurity” monologue; it’s more a reminder of how much our time is consumed by internet-related activities. And as far as we know, no one has ever been hacked by playing board games or spending time outside.