I spent over 22 years in the FBI performing criminal cyber and forensics investigations. Many of these investigations led us to people who were innocent of the alleged crimes but who were guilty of unknowingly allowing criminals to hijack their home or business Wi-Fi networks. These cyber-criminals were committing crimes while leaving a digital fingerprint that pointed at people guilty only of poor Wi-Fi security.
If you do not encrypt your Wi-Fi settings, you may get an early morning visit from my former FBI colleagues investigating federal crimes such as child pornography or terrorist threats. Why? You might be the victim of a nefarious behavior known as “War Driving,” which occurs when cyber-criminals drive through your neighborhood, identify unencrypted Wi-Fi signals, and do their evil bidding using your Internet Protocol or IP address. When law enforcement checks the IP address associated with the criminal behavior, it is your name and address that surfaces. Often this connection can be the basis for a criminal search warrant with your name on it. Many a front door has knocked down as a result of this kind of search warrant.
Even if you are not technically savvy, you can protect yourself and your data. While there is no panacea to ensuring a 100% secure Wi-Fi network, use these tips to better secure and encrypt your home or business Wi-Fi signal:
- Change the default name of your home or business Wi-Fi network (“SSID”). If the name of your SSID is “Netgear” or “Orbi,” you have informed War Driving cyber-criminals what type of Wi-Fi system you use. Also, do not use your first or last name as your network ID. You can usually change your SSID default name on the “app” associated with your Wi-Fi set up.
- Ensure your network Wi-Fi password is unique and strong. According to Norton, do not use the word “password” or your kid’s name or birthday as your password. Also, avoid using words found in a standard dictionary (they are more susceptible to a “brute force” password “dictionary” attack). Make your Wi-Fi password at least 9 characters long. Make sure you do not use common or easily guessed passwords.
- Make sure the Wi-Fi network encryption is turned on. Some manufacturers leave this setting off by default, but you can usually turn it on via the app in the “Settings” section. If the Wi-Fi provider gives you a choice of encryption levels, it is critical to use at least “WPA2.” If available, you should instead use “WPA3,” which is the newest Wi-Fi encryption standard. For now, however, WPA2 is very secure. The older “WEP” encryption standard is no longer secure and will leave you exposed to a simple “brute force” password attack. WEP is easily defeated by cyber-criminals. Do not use it!
- Turn off “Network Name Broadcasting” — especially if you are a home user. This feature is for businesses like restaurants or libraries that broadcast their Wi-Fi signal for a greater range of effect. If you do not publicly broadcast your Wi-Fi symbol or do not know what this means, turn this setting off.
- Keep your Wi-Fi router settings and firmware up-to-date. Most common Wi-Fi devices will make this setting easy to find and easy to use. If you can update your firmware, you should.
- Operate your network behind a quality home router or firewall. Using a quality home router will help protect you against most unsophisticated cyberattacks. Many cable modems have a simple router built in; you should use it. If you are not sure how to set this up, call your Wi-Fi technical support representative and ask them to help you configure your settings correctly.
A tremendous amount of personal information and data is stored on home and business Wi-Fi networks. Additionally, many devices you use in your home, car or business are also part of the “Internet of Things” (IoT), and most of these devices have poor internal security. Instituting a more-secure Wi-Fi network will better secure your personal data, prevent you from falling victim to a War Driving attack and protect your IoT devices from cyberattacks.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.