Intrusion detection systems. Network firewalls. Behavioral analysis. Encryption. The toolkit of the modern information security professional is full of complex, advanced technical controls designed to protect enterprise networks against increasingly sophisticated attacks. How should home users protect themselves — without investing thousands of dollars in specialized security equipment — against cybercriminals who want to steal sensitive personal information?
Fortunately, there are simple and inexpensive steps that every home user can take to build a robust, layered defense that will protect them against most of the malicious threats that jeopardize the security of their systems and personal information. Let's take a look at five simple ways that you can keep your network secure without breaking the bank. Think of these recommendations as being a Cybersecurity 101 course for the average home computer user.
Use a Firewall
Businesses spend thousands of dollars on sophisticated firewalls designed to keep malicious threats out of their protected networks. Firewalls sit at the border between a private network and the Internet, enforcing rules that regulate the traffic allowed to cross that border. Enterprise-grade firewalls are expensive and require extensive configuration to precisely define the types of traffic that should be allowed to enter the network unsolicited. For example, a business firewall would typically allow connections from the Internet to the company's web server.
Fortunately, home users don't need a sophisticated firewall because they don't have sophisticated networking needs. Unless you're running public web servers in your home, your firewall policy should be very simple: Don't allow any unsolicited connections to your network. You probably already have a firewall built-in to the Internet router provided by your service provider. Even better, it's probably already configured to enforce this simple "deny everything" firewall policy.
Take the time to understand what type of router is sitting at the border of your home network. Find the instruction manual for that model router and use it to verify that the firewall function is enabled and blocking all unsolicited connection requests. This will go a long way toward keeping the bad guys out of your network.
Install and Update Antivirus Software
Antivirus software is still one of the tried-and-true ways to protect your network against malicious threats. Signature-based software runs on your systems, scanning them constantly for any signs of malicious software. When antivirus software detects a threat, it acts to immediately neutralize it by removing the software entirely or, if that's not possible, quarantining it in a safe location until you can take further action to clean your system.
You can't just simply install antivirus software and walk away, however. The manufacturers of antivirus software release new updates on a daily basis to combat recently discovered strains of malicious software. If you haven't updated your software in a few years, it's next to useless as a defense against modern threats. Take a few minutes to verify that all of the systems on your network have current antivirus software and that they're configured to receive daily signature updates from the vendor.
Keep Computers Patched
Whether you're running Windows or Macintosh systems, you need to apply security updates on a regular basis to keep your systems secure. Microsoft and Apple release patches whenever they become aware of a security vulnerability in their operating systems. If you don't apply those patches, attackers will likely discover your vulnerability and exploit it to gain access to your network and data.
Fortunately, it's easy to keep your computers patched. Both Mac OS X and Windows provide automatic updating mechanisms that check every day for new security patches and automatically apply them to your systems. You just need to ensure that this functionality is turned on and your computer will take care of all of the work.
Encrypt Wireless Networks
Your wireless network is the easiest path for an attacker to gain access to the systems in your home. You should use strong WPA2 encryption to protect your network and configure it with a strong password known only to authorized network users. If you have no encryption, or use the outdated WEP encryption standard, it's equivalent to leaving your front door unlocked and open, waiting for intruders to wander by and steal your belongings.
Configuring wireless encryption is usually very easy. Check the manual for your wireless access point. You'll probably just need to select WPA2 encryption from a drop-down menu and then enter a strong passphrase used to access the network. Once it's up and running, reconfigure all of your devices to use the new encrypted network and the contents of your communications will be safe from prying eyes.
Encrypt Sensitive Files
One oft-forgotten risk is the physical theft of computing devices. If an intruder steals a computer out of your home or a thief grabs your bag on the subway, you may lose physical possession of the computer. It's one thing to lose a couple thousand dollars because of the device theft, but it's far worse to lose your tax returns, credit card statements and other sensitive information that might be stored on the device.
You can protect yourself against the loss of sensitive information by encrypting the contents of your computer. Even if the computer falls into the wrong hands, the thief won't be able to access your encrypted personal information without knowing your password. Both Windows and Mac systems offer free built-in encryption technology that you can easily enable. FileVault on Macs and BitLocker on Windows provide an easy way to protect the contents of your hard drive from prying eyes. Just make sure that you know your own password so that you don't lock yourself out from access to your personal files!
Securing a home network is far simpler than securing the complex corporate networks that offer public services, but it still requires effort. Take the time to assess your network by verifying that your firewall is active, installing antivirus software, applying security patches, using WPA2 on your wireless network and encrypting your sensitive files. The few hours you might spend securing your network today may prove themselves worth the effort when they successfully protect you from hackers down the road!