Premitel Blog

Is my home WiFi network safe?

Written by Shineen Brown | Nov 19, 2019 2:14:47 PM

Ever wonder how much your ISP knows about your web history? Would you like to secure your home WiFi like a pro? In our blog post we talk about how to secure your data privacy and WiFi network.

WiFi is the most popular way to connect to the Internet at home and at your workplace, but have you stopped to think how secure your WiFi is? WiFi users rarely think about the security threats to their devices, data, and communications through poorly secured networks.

What online activity can your Internet Provider see?

In short, everything. Although, it’s not likely someone is sitting behind a desk tracking your every move on the web. 

Why is your ISP tracking you?

The way the internet works is that you request a website through your device,  then your Internet Service Provider (ISP) sees your request and connects you to the website. This happens with all ISPs whether it is your mobile network, WiFi provider, broadband provider at work and so on. So, yes your ISP can see the websites you visit - but this is part of their job.

What is of interest is what happens to that information. If it is logged and stored then it can be analysed or shared. Your logged data could be used for law enforcement but it’s most likely going to be sold to advertisers. 

The best way to find out what your ISP does with your data is to ask them outright. 

At Primitel, we do not monitor or record clients’ internet requests. Your privacy matters to us and is protected at all times.

Can my ISP see the information I exchange with websites? 

That depends. Since ISPs are the link between your device and the website your data has to flow through them. But, if that data is encrypted then only your device and the website can see the data that is exchanged - your ISP will not be privy to the data. 

Understanding the difference between http:// vs. https://

As a rule of thumb, websites that start with "http:// " can be snooped on, while those with "https://" are secure. The “s” means that the site is encrypted via an SSL (secure sockets layer) certificate and your information cannot be intercepted. 

The image below, from SEOPressor, gives you a better understanding of how this works:

Image source: SEOPressor

Using an unencrypted website doesn’t mean that your ISP is logging and storing your data, it just means that they could. Once again, ask your ISP what their position on this is, they are obligated to tell you. 

What data does your ISP store, and what power do you have over this?

In South Africa, ISPs only collect usage data. They track usage behaviour mostly to optimise your browsing experience. Although other nations have started to legally require ISPs to collect more personal information from their users, South Africa still has robust privacy laws.

For example, RICA does not allow ISPs to intercept or monitor data traffic. If law enforcement needs an ISP to intercept or monitor a user's traffic,  they must adhere to the strict requirements laid out by section 205 of the Criminal Procedure Act.

What policies, acts, and regulations should your IP be following to collect, store, and protect your data?

There are various robust laws that govern how ISPs handle your data . Here at Premitel we comply with RICA (Regulation of Interception of Communication Act), POPI (Protection of Personal Information), FICA (Financial Intelligence Centre Act) and FiAS (Financial Advisory and Intermediary Services Act). 

Because we adhere to these laws you can be assured that we don't share, distribute, or release client information with anyone.  

How to secure your home WiFi network

The primary reason that most people don't think about the security of their WiFi is because it sounds like a highly technical issue. We will simplify the jargon and give you practical steps you can take to make your WiFi network more secure.

1. Change your default login and settings

Customers rarely think about this simple step. Imagine the number of devices that the manufacturer of your WiFi router has to make, now think about the effort it would take to have a different login for each of them. That would be an administrative nightmare, so what device manufacturers do is use the same simple username and password for all its devices. So, if a hacker knows the default login details for your router, they can access your admin console and lock you out of your own network. 

The default username and password are usually printed in the booklet or on the back of the device.

Here is how you access your WiFi router console so you can make changes

  1. Connect your device (laptop, phone, tablet etc) to the WiFi router.
  2. Open any browser on your device and type in the WiFi router IP address.
  3. That's it, you are in! 

As explained earlier, manufacturers use the same settings for all their devices, so the WiFi IP router address is the same for all devices. Actually, most manufacturers use the same address. So a WiFi router IP address is most likely to be one of the following:

  • http://192.168.0.1
  • http://192.168.1.1
  • http://192.168.2.1
  • http://192.168.1.100

Another default setting that comes with all devices is the network name or service set identifier (SSID). Manufacturers and ISPs usually use their own names and product model numbers as a network name. That's free information that a hacker can use to hack your network. Change your network name to something with no personal or security details. You can change your WiFi name and SSID in your router's console under the “WiFi name” or “SSID” tab and enter a new name.

The same applies to your internet enabled devices. Once you get your router or any internet enabled device, simply change the default login to a personalised one and you are one step closer to security.

2. Set a strong password

Considering the number of passwords we need for social media, emails, office, and websites, it's easy to forget that you need a strong password for your own network. We get it, remembering all those passwords is a drag and can be draining, but it's still necessary. Hackers actually rely on your lack of enthusiasm for password protection to get easy access.

To change your WiFi password go into the security settings of your router console. Once there make sure that you;

  • Create a really long complicated password using letters, numbers, uppercase letters, lowercase letters, and special characters. The more random the better.
  • Store that password in a hidden file or on paper safely tucked away.
  • Do not share your password with just anybody, be prepared to say "no". If you must give any access, rather put the password into the device yourself (most devices hide the password once entered).
  • Regularly change your password (monthly is a good frequency).
  • Turn off WiFi Protected Setup (WPS).

WPS uses a numeric code or button to connect IoT devices and game consoles. Although the button method is safe, the numeric code is an easy target for hackers and poses a real risk to your network.

Here at Primitel, only allowed "addresses" from vendors have access to Premitel voice services. These will have been agreed to between Premitel and vendors, but each client has to install and enforce its own set of security rules.

3. Hide your network

A simple rule of defence, attackers can't hit what they can't see. So hide your network name or service set identifier (SSID) so it will be harder to find. Have you noticed that "Hidden Networks" tab on your device? Well users' devices who don't know the name of the network won't see it. let alone connect to it. Only users with the name of the network will be able to connect. 

A low tech and effective way to hide your network is to simply switch it off. You can do this while you are asleep or out of office. Limiting the time that the WiFi network is active significantly reduces the opportunities for hackers to penetrate it.

4. Enable your router’s firewall

Hackers can use the Internet to access your home or workplace WiFi network. To stop this you need to enable your router's firewall.

Your router should have a firewall installed and it is accessible through the console settings. After you have enabled your router's firewall, ensure;

  • Your firewall blocks unapproved port access requests or pings.
  • You turn off remote access.
  • Network Address Translation (NAT) is enabled to protect your network. This blocks traffic from unknown sources before it reaches your device. 
  • Your UPNP (Universal Plug n Play) and port forwarding options are disabled.

Keep in mind that disabling UPNP can interfere with some online games and data transfer protocols.

Premitel installs client site routers with advanced firewall capabilities and rules to mitigate security breaches. We provide firewall implementation with AAA authentication in our Core switching and routing equipment with limited access from client sites, to mitigate breaches within our exchanges.

5. Create a separate SSID for guests

Some WiFi routers enable you to create a separate WiFi network for guests. This means two (or more) WiFi networks can come from a single router. Using this feature allows you to protect the data, network, and privacy of your primary WiFi network. It also allows you to limit how much data and network your guests can consume, so they do not finish your capped data or interrupt data streaming. 

Do not leave the guest network open, practice every security protocol as you would your main one. This not only protects your main WiFi network but also your guests who transmit their own data through your router network.

6. WiFi encryption

The transmission between your device and WiFi can be secured using encryption. This is done one of three ways namely: Wired Equivalent Privacy (WEP), WiFi Protected Access (WPA), and WiFi Protected Access 2 (WPA 2). What you need is WPA 2, and if possible WPA 2 AES to protect your transmissions. The AES Cypher is a level of encryption that is impossible to crack. 

You use the WiFi router console to choose which level of encryption you would like to enable.

7. Update your firmware

Updates for your router can come with new security patches. Check if your router needs manual input to check and install updates, some do this automatically. Although these updates are rare they are crucial to securing your network. You can check for updates using the router console.

A weak WiFi Network exposes your business and family to hackers and malware. Any data sent through a compromised WiFi network can be intercepted and exploited. The world is excitedly moving to the Internet of Things (IoT) where every home (TV, fridge, AI assistants like Alexa) and workplace (vehicles, machinery, and robots) device is connected to the internet. Access to these devices could easily compromise your privacy, safety, and productivity. Stay informed about your rights as an Internet user and create good habits that will deter threats.

Stay up to date with the latest tips, trends and insights by subscribing to the Premitel blog. We’ll send our latest helpful content straight to your inbox.