If you’re lucky, the process will be automatic; you might even get alerts on your phone every time a firmware update gets applied, which usually happens overnight. If you’re unlucky, you might have to download new firmware from the manufacturer’s site and point your router towards it. If so, it’s absolutely worth the extra effort.
Disable Remote Access, UPnP, and WPS
A lot of routers come with features designed to make remote access from outside your home easier, but unless you need admin-level access to your router from somewhere else, you can usually safely turn these features off from the router settings panel. Besides, most remote access apps work fine without them.
Another feature to look out for is Universal Plug and Play. Designed to make it easier for devices like games consoles and smart TVs to access the web without making you wade through a lot of configuration screens, UPnP can also be used by malware programs to get high-level access to your router’s security settings.
Keeping remote access and UPnP turned on won’t suddenly expose you to the worst of the internet, but if you want to be as safe as possible, turn them off. If it turns out that some of the apps and devices on your network rely on them, you can enable the features again without too much worry.
You should also think about disabling Wi-Fi Protected Setup. WPS has good intentions, letting you connect new devices with a button push or a PIN code, but that also makes it easier for unauthorized devices to gain access; a numerical PIN is easier to brute force than an alphanumerical password. Unless you specifically need it, disable it.
Use a Guest Network, If Available
If your router has the option of broadcasting a so-called guest network, take advantage of it. As the name suggests, it means you can grant your guests access to a Wi-Fi connection, without letting them get at the rest of your network—your Sonos speakers, the shared folders on your laptop, your printers, and so on.
It’s not like your friends and family are hackers in disguise, but letting them on your primary network means they might access a file that you’d rather they didn’t, or inadvertently change a setting somewhere that causes you problems. It also puts another speed bump in the way of someone who is secretly trying to get access to your network without your permission—even if they’re able to get on the guest network, they won’t be able to take control of your other devices, or your router.
Your router should have the option to hide the SSID of your main network—basically the name of the network that appears when your devices scan for Wi-Fi. If visitors can’t see this network then they can’t connect to it, but you’ll be able to add devices to it because you’ll know what it’s called. (And if you’re not sure, it’ll be listed in your router settings.)
Keep Security in Mind
Despite decades of relative neglect, most routers launched in the last couple of years come with excellent security built in. Manufacturers appreciate the importance of router security and reliability more than ever, so the products are much more user-friendly than they used to be. They now handle lot of the key security settings for you.
With that in mind, one of the highest risks to your router is that it’s compromised by a device that it thinks it can trust—in other words, something on your phone or laptop gets access to it and causes some mischief, perhaps by secretly opening an entry point to your router that can be accessed remotely.