Secure Your Home Wireless Network

It is important to protect your family's privacy and data by securing your home wireless network. Think of all the devices you have connected to your home wireless network such as computers, tablets, printers, TVs, gaming devices, smartphones, security cameras, lights, doorbells, thermostats, wearable devices, etc. All these devices access the Internet and must be secured in order to protect your family's privacy and data.

Here are some simple security steps you could take to secure your home wireless network:

Secure your devices

  • Patch, Patch, Patch! Update all your Internet-enabled devices with the latest operating systems, web browsers, and security software.
  • Change default usernames.
  • Change default passwords. Use strong unique passwords.
  • Use a passcode on mobile devices.
  • Use security software such as antivirus and anti-malware.
  • Enable the firewall on your operating system.
  • Backup your files, photos, music, and other digital information.
  • Remove unnecessary services and software.
  • Beware of phishing and social engineering

Secure your wireless router

Note: consult your router's instruction manual or contact your ISP for specific instructions on how to change certain settings on your device.

  • Change the name of your router. The default name or SSID is assigned by the manufacturer. Change it to a name that is unique to you and does not provide information about the model or manufacturer.
  • Change the preset password for your router. Leaving a default password unchanged makes it much easier for unauthorized people to access your network. Choose a strong password and store it in a safe location.
  • Encrypt WiFi traffic. When choosing your router's level of security, opt for Wi-Fi Protected Access II (WPA2) if available. These levels are more secure than the Wireless Equivalent Privacy (WEP) option.
  • Disable remote administration. It is unlikely you will need to access your router settings from a remote location or network.
  • Use a firewall. A firewall is a network security system that controls incoming and outgoing traffic based on predetermined security rules. It establishes a barrier between your internal network and the outside Internet.

    • Working Remotely during COVID-19

    Cybercriminals have been ramping up their tactics to take advantage of those who do not have adequate security measures while at home. Network Security alone is no longer sufficient, you are our best defense! We urge you to become knowledgeable and learn how to thwart these cyber threats that not only causes harm to your identity but to university resources as well.

    To assist you during this transition, we have created the guideline below on how to implement cybersecurity measures while working remotely.

    Beware

    The top 3 risks you should be mindful of include:

    Social Engineering

    Since the COVID-19 pandemic, attackers have launched many variations of social engineering attacks. These attacks are often associated with phishing, which uses email. However, social engineering can also be conducted via calls, automated calls/responses, text messages, social media and in person (face- to- face). As a result, we encourage you to stay vigilant and alert to avoid becoming a victim of social engineering or phishing.

    The various COVID-19 related phishing emails include those providing CDC alerts, health advice, and workplace policy. We are often familiar with phishing emails including links but attackers have gone back to old tactics of including malicious attachments to emails. In a phishing email appearing to be from the World Health Organization (WHO), the malicious attachment is a keylogger, allowing attackers to capture screenshots and data from browsers and email clients. As the pandemic worsens, the FBI has noticed phishing emails requesting for verification of personal information in order to receive an economic stimulus check.

    While economic stimulus checks are to be issued, the government is not sending emails or any communication requesting personal or banking information. Many people have been falling victim thinking that they must provide their direct deposit information in order to receive the relief. However, the most recent direct deposit information the IRS has for you from your 2018 or 2019 taxes will be used. If no direct deposit information is available, the relief would be sent in the form of a physical check via mail at the last known home address. It is important to note that this particular attack is not only occurring via email but phone calls, text and physical mail.

    If you anticipate receiving the relief check via mail, it is advised that you remove mail from your mailbox on a daily basis and as quickly as possible to prevent mail theft. Although we are in a crisis, precautions to safeguard your personal information should still be practiced. Attackers tend to use times like these, when we are seeking information or are most vulnerable, in hopes of us not implementing our usual cybersecurity measures to target our personal information.

    In addition to phishing emails, attackers have created malicious webpages such as providing a live map for COVID-19, which seem harmless in nature, but rather infecting your system with an information stealing program that can steal sensitive data. Remember that FIU will NEVER ask for your username, password or sensitive information via email.

    Below are some examples:

    For information and updates regarding COVID-19, it is recommended to visit trusted websites such as the Center for Disease Control (CDC), World Health Organization (WHO) and FIU's Coronavirus Updates.

    Updates

    To avoid your machines from getting comprised, it is important to keep your devices and applications updated with the latest software and patches. Updates and patches are not only focused on providing additional features, but rather implementing security to mitigate flaws that can be exploited by attackers to gain access to your device. We recommend that you avoid delaying these updates.

    Passwords

    All precautions, security measures and policies relating to passwords should be followed more closely while working remotely. Passwords should never be shared or written anywhere. For additional security, use Two-Factor Authentication (2FA), which adds another layer of security to your accounts. If your password is ever compromised, 2FA can prevent an attacker from gaining access because in addition to your password 2FA requires your phone to gain access. In the event that your password is compromised you should change it immediately.

    Prepare

    In order to stay up to date with the latest security threats - especially when working remotely --we encourage everyone to complete the mandatory Cybersecurity Awareness Training, which is a great resource on the topics such as social engineering, phishing and much more.

    Support

    Even though you may be working remotely, an incident or suspicious event may still occur. The Division of IT will be here to support you! For incident response email security@fiu.edu.

    If you suspect a phishing email, you can easily report it via the Phish Alert Button available in your FIUmail.

    Phish Alert Button and Reporting Phishing/Suspicious Emails

    Resources

    Below are resources relating to cybersecurity and staying secure.

    Information Technology Guideline for Remote Access & Work from Home Off-Site FIU IT Equipment Security Guideline Remote Access Self-Assessment Checklist