These days, most lawyers are taking appropriate steps to see that all work-related servers, computers, mobile devices, and cloud-based apps are properly secured. Unfortunately, the same can’t be said about all their personal devices and accounts. Admittedly, while more than a few give it the old college try, one personal device that is often overlooked is the wireless router in their homes.
Even if the amount of time spent working from home is minimal, all lawyers and staff need to make sure this device is properly secured. Not only is such a step now ethically mandated in a number of jurisdictions; but your clients expect you, as their lawyer, to take whatever reasonable steps are necessary to keep their personal information and your communications with them secure. Given that much of the workforce shifted to working from home in 2020, securing home routers has become particularly important because cyber criminals have shifted their focus to home devices. Heaven forbid your home router, or the home router of a staff person, ends up being the weak link that enables a successful breach into your office network.
The good news is that you don’t need to be an IT security expert to take care of most of the basics. Start by pulling out your instruction manual. If that’s no longer available, instruction manuals are often available online. Just do a search for it using your router make and model number. With that in hand, make sure to address the following recommendations if they have not already been taken care of:
- Because the default administrative username and password are easy to guess, you should change both. Best practices now call for a complex password of at least 20 characters comprised of uppercase and lowercase characters, numbers, and symbols. And since many router manufacturers all set the default username as Admin on all their devices, pick a username that’s unique to you.
- Change the network SSID (the name of your network) defaults. Every router comes with a default network name. Change it to something unique to you but don’t have it be something that might identify you. As with the router’s administrative password, also create a similarly strong network access password.
- Set up a guest network with its own unique SSID and password because all guests, including friends of any kids, should never have access to your home network.
- Make sure the firmware version of your router is current. Update to the most current version if it isn’t already updated, because version updates are how security patches are delivered to your router. If your router has an auto-update option, make sure that is enabled. If no firmware updates have been released in the last 12 to 18 months, replace your router with a newer model.
- Confirm that the network authentication method is set to WPA2-personal, or even better, WPA3-personal if that option is available. WPA3 is the more secure encryption language of the two. If neither of these options are available on your router, replace your router with a newer model.
- Turn off UPnP (Universal Plug and Play). Yes, I know this can make connecting new devices to the network less convenient; but leaving it on provides hackers an access point that can be used to insert malware on to your network, including things like programs that seek to capture login credentials to your bank accounts.
There are additional steps one can take to further secure a home router but a follow-through with these most basic steps will go a long way toward seeing that your home router is properly secured. That said, one final note. I know that keeping track of long complex passwords can be a stumbling block for some. That problem can be easily solved with a password manager. Given all the login credentials we’re all trying to manage nowadays, the use of a password manager has quickly become a true necessity.