As many more Internet-connected devices are brought into our homes, it’s important to make sure they’re secured against cyber attacks.
This page contains advice on how you can secure your devices around the home and elaborates on some of the guidance contained in our Pocket Guide to a Cyber Secure Home.
Download our Pocket Guide to a cyber secure home.pdf (PDF 3.2 MB).
Physical security
- Don’t leave devices visible to anyone passing your home, or in your car when you are out and about. If a device is stolen it could be easily hacked into by a cyber criminal, particularly if you haven’t secured it with a strong password.
- Activate the ‘Find My Device’ service, if available, for any portable devices you own.
- Instructions for activating 'Find My Device' for the most popular operating systems can be found by choosing the relevant link:
- Use device encryption technology such as Windows Bitlocker or FileVault for Mac OS. If a device is lost or stolen, the data contained on them is protected.
- Keep a secure automatic backup of your data separate from your computer, offline, and stored in a safe place. Alternative solutions from reputable providers now offer secure cloud backup services such as Google Drive, or Microsoft One Drive for example. It’s important to also know how to restore this data should you need to. You can read more about backups on this page under the 'Back up your Data' heading below.
- If you have a shared PC or laptop in the home, you can set up separate user accounts for each person.
- Find out how to set up user accounts on a Windows 10 PC or laptop
- Get advice on setting up user accounts on MacOS
- Visit our Mobile Device Security hub for further information on mobile device security
Back up your data
Your devices will probably have lots of personal data stored on them that could potentially be lost or stolen should a cyber attack be successful, so backing up your data regularly is recommended.
Many devices include cloud backup solutions. To set up or enable automatic backups for your device, go to the Help or Settings menu on your device, or in the app, for guidance.
If you don’t want to use a cloud service for backups, you can back up locally to an external hard drive, or a Network Attached Storage (NAS) device. A NAS device is a hard drive connected to your home network. External storage options can give you more control over the data being stored, which is especially important if it is sensitive or personal information.
Home network
Your home network includes all data that is transmitted via the broadband router your Internet Service Provider (ISP) has provided you with, and all the devices connected to it via a network cable or Wi-Fi.
It's important to familiarise yourself with how this device works, because all of the devices you use connect to it. If your network router is not secure, this affects your entire home network.
Take the following steps to better secure your home network:
- Change the default username and password to log into the device. Default usernames such as 'admin' and passwords like 'password' are not secure. Attackers will know the default username and passwords for most standard devices and can exploit this to get into your home network - then they could get access to all the data on your network.
- The following Internet Service Providers’ help articles explain how to change the default log in account details for the device - choose the relevant link from this list:
- How to change the default log in account details for BT
- How to change the default log in account details for Vodafone
- How to change the default log in account details for Sky
- How to change the default log in account details for Talk Talk
- How to change the default log in account details for Virgin Media
- You should know what devices are connected to your network. Some network providers will have functionality built in to the router that lets you see this in real time . On some routers you can also set up names for your devices to make it easy to identify them.
- It's recommended you investigate and remove any unrecognised devices from the network. Third party tools such as the 'Fing' app are available to help.
- Ensure automatic software updates are enabled on your Internet router if this option is available.
Wi-Fi
Because Wi-Fi signals are better than ever, your Wi-Fi connection can be reached outside your home which can make it more vulnerable to attack. There are simple steps you can take to help make it more secure and to protect your devices that are connected to it:
- You should change the default Wi-Fi password on your router to a strong password that is also easily remembered by you and other members of your household. This can be done by logging into your router’s web based menu (usually found at a local address similar to 192.168.1.0) and going to the Wi-Fi settings option. You can visit your Internet Service Provider’s website for an appropriate help article.
- Make sure that you use 'WPA2' or 'WPA3' as your network encryption method. You will need to log into your router to check this is the connection security that is being used. 'WEP' and 'WPA' are older and less secure and should not be used. Never set your Wi-Fi network to 'Open'.
- Change your network name (called 'SSID') so that it does not contain your Internet Service Provider’s name in it, such as VODA4321, or BTHUB123 - if you don't change it, you're revealing what type of router you are using and this will make it an easier target for criminals.
- If you use lots of smart devices like speakers, lightbulbs and appliances, consider setting them up on a separate network so that they are kept separate from devices that store private data, such as your PC. Most home routers will have a 'Guest' Wi-Fi network which you can enable to keep devices separate from your ordinary network.
Anti-virus and firewalls
Anti-virus software helps to protect your devices from malware such as viruses and spyware. Firewalls help to secure the data that is transmitted over your home network as well as data being sent and received over the Internet. These are two key tools to protect the devices in your home from any harmful activity by cyber criminals.
Follow these key tips:
- Check if your internet router has a built-in firewall and make sure it is turned on.
- We recommend that all devices within the home have firewall software installed on them. The most popular operating systems like MacOS and Windows now come with this basic feature built in - make sure it is turned on.
- There are many software vendors who sell anti-virus software which comes as a package with a firewall and other added extras such as browser pop-up blockers and password managers.
- Anti-virus software should always be kept up to date by enabling automatic updates so that you are protected against new and emerging threats for any vulnerabilities in your operating system and apps.
- Only download software made by reputable companies and from trusted sources.
Passwords
Strong passwords are important for all of your user accounts, making it harder for any hacker to guess or attempt to crack your password to gain access to your online accounts and services.
- Set strong passwords using three random words, the longer the better. A strong password is especially important for your primary email account as you probably use it as a username for lots of online services.
- Use strong, separate passwords for all of your user accounts and services. Using the same password for all services could leave all your user accounts open to criminals if just one account was compromised.
- Use password manager apps or save them in your web browser so you don’t forget your different passwords.
- Learn more about password managers in this guidance from the NCSC
- Check if any of your account passwords have been compromised in a security breach by visiting the website www.haveibeenpwned.com. If your password is flagged as compromised you should change it immediately.
- Keep mobile devices secure with a strong password, PIN, pattern, or use fingerprint or facial recognition technology. Mobile devices such as smartphones and tablets are more likely to be lost or stolen, and if they are not secured they could be used to steal your data.
- Don’t make it easy for someone to guess what your password is by using personal information that people might know about you - such as your partner or child’s name, pet's name or favourite football team.
- Find out more about password security
- Find out how you can secure your mobile devices (and download our pocket guide )
Two-Factor Authentication
Two-Factor Authentication (2FA), sometimes called Multi-Factor Authentication, is a free security feature that gives you an extra layer of protection online. It significantly reduces the risk of being hacked by asking you to provide a second factor of information, such as getting a code via text message, or from an authenticator app, that you need to input when you log in. This stops cyber criminals getting into your accounts, even if they have your password. You should enable 2FA for all services which offer it.
- Most 2FA systems recognise what device you are using and most online services let you control which devices are permitted to access your account.
- With 2FA enabled, if a device attempts to access your account, and it hasn't been used by you previously, you will receive a notification. It also means you won’t have to go through the 2FA verification process every time you use an app or service that has 2FA enabled on it.
- Read more about 2FA on the NCSC website
- Learn how to turn on 2FA for email and social media accounts
Surfing the Internet
Many of us shop, play games and watch movies online. To avoid being a victim of fraud or a cyber attack, there are some steps you can take to stay secure:
- Use an up to date browser. Old browsers will not have up to date features to protect you from unsafe websites and may have their own software vulnerabilities.
- You can check if your web browser is up to date by visiting the manufacturer’s website support pages, or by visiting www.updatemybrowser.org
- Check the address bar to make sure you are on the correct website you intended to visit.
- When shopping online it is good practice to limit visits to reputable brands that you know or have heard of before, and if in doubt, ask a friend or check out reviews of a website before proceeding with an order.
- Don’t give more information that is needed for your transaction - you don't need to create a full profile if you are making a one-off purchase.
- Consider more secure payment options, e.g. use a separate card not linked to your main bank account, or payment services like PayPal. Credit cards provide additional buyer protection. Using a credit card offers consumer protection and means that the retailer will not have your debit card details linked to your main bank account. Check your credit card provider’s terms and conditions for more information.
- Be wary of any emails that look like they are from a reputable retailer that you have purchased from in the past. Don’t click on links or attachments in emails that you are not expecting.
- Gaming can also pose some risks when paying for goods and services. Using official stores and following the guidance on securing your devices will help protect you from any attacks.
- Find out how to shop online safely
- Get advice on enjoying online gaming securely
Software
When a company finds a weakness in their software they release a 'patch' to fix it - and most software, apps and operating systems need to be updated regularly to repair or 'patch' weaknesses, or they will be vulnerable to attack.
It's recommended that you turn on automatic updates (if available) for your devices and software, so you won't have to remember each time.
Some devices and software need to be updated manually and you may get reminders on your phone or computer - don't ignore these reminders.
To find out how to to update the software on your operating system, choose the relevant name from this list:
Be careful about where you buy your software. It is highly recommended that you only buy and download software from trusted sites and official app stores so you can be sure of authenticity.
Downloading software from other sources can inadvertently download malicious software which can run in the background without your knowledge and be a major security risk to you and others in your household who use the same network. If a device is no longer supported by the manufacturer, replace it with one that is.
Phishing and smishing
Phishing is a type of 'social engineering' and is used by hackers to try and encourage someone to click on a fake website link or open an attachment (e.g a document, file or photo). Phishing emails often look genuine, appearing to come from legitimate companies or organisations. Smishing is a type of phishing where a fake text is sent to your mobile, encouraging you to click on a link or download something that will cause harm to you or your device.
You can spot phishing and smishing attempts by the use of emotive or threatening language (e.g ‘warning!’, ‘act now!’) or through spelling and grammar mistakes.
Follow these tips to stay secure:
- Be aware of scam emails and text messages that appear to be from reputable sources. Reputable organisations and the government will not ask for personal information in an email or text message.
- Be wary of clicking on unknown or suspicious website links. Before you click on a link you can hover over it with the mouse pointer to reveal the website address that it will direct you to.
- Website links might appear genuine, but could be hyperlink to a different website behind the text that looks like a genuine website link, so it's important that if you do click on a link that you check that you are on the genuine website you expected to visit.
- Be aware of other social engineering attacks such as vishing (via phone calls), as well as through social media.
- Remember, if it sounds too good to be true, it probably is.
- Send suspicious texts to 7726 (spells SPAM on your phone keypad)
- Report phishing emails to report@phishing.gov.uk
Read more about smishing and what to do if you get a suspicious email or text.
Privacy controls and cookies
Cookies are small information files that save your login details and other preferences. They can also track your location and online behaviour for marketing purposes.
Websites are obliged to ask you what your cookie preferences are the first time you visit them and you should make choices that you are comfortable with. Many website visitors will simply choose the 'Accept All Cookies' option without thinking about it.
You can also select privacy options for the web browser that you use in the settings.
For instructions on how to set up privacy options for the most popular web browsers, choose the relevant browser name from this list:
You can also select privacy options for individual apps on your device’s settings or in the app itself. It's a good idea to review these options on mobile devices, and it is recommended to allow an app to access just the minimum of what it needs to perform.
Many of us use social media, but you should avoid sharing too much personal information on these platforms. It's advisable to set up social media accounts to 'private' so that your information is not available to everyone on the Internet. This can be changed in the 'Settings' menu of most social media accounts.
Keeping children’s devices secure
Recent research from Ofcom reveals that half of ten-year-olds now own their own smartphone and by the time they are five, 35 % of children own their own tablet.
As well as having their own Internet-enabled devices, smart toys, and games, many children can easily access devices around the home, like smart speakers and TVs.
Here are some steps you can take to keep them safe and secure:
- Check privacy settings on games, software and apps your children are using.
- Use strong passwords for logging in. If your child has their own password, make sure it’s strong and hard to guess.
- Protect children with parental consent controls – this can be set up on most devices, apps, and games.
- Keep software up to date by enabling automatic updates or replacing a device if no longer supported - old software can pose a security risk by having unpatched vulnerabilities (see the Software section on this page to find out more)
- Make sure there is a password or PIN for you to verify payments they want to make.
- Set up content filters on their devices that will block inappropriate websites.
- Check the default settings on your child’s phone or tablet – these might include location tracking or camera access and you should turn these off so your child can't be identified.
- You can find useful tips on setting up and using devices on the Internet Matters website
- Read the NSPCC’s guidance on keeping children safe when using internet-connected devices.
Working from home
Working from home means that your home becomes a portal into your workplace and with this comes security challenges for you and your employer in ensuring data and systems remain safe and secure. Follow these steps to work from home safely:
- Be aware of your organisation’s policies and procedures.
- Know how to report IT incidents.
- Keep your devices up to date with the latest software and application updates.
- Only use approved software, and only download and install it from trusted sources.
- Make sure your anti-virus and firewall software is running and automatically updated.
- Ensure data is backed up securely, and never back up business data to personal storage areas.
- Beware of phishing emails or scams and know how to spot a fake email.
- Don’t let family members use your work device.
- Ensure that any corporate printed material and devices are appropriately secured in line with corporate policy.
- Find out more abut staying secure when working from home.
What to do if you become a victim
- If you think any of your accounts (including email accounts) have already been hacked, have a look at the NCSC’s guidance on recovering a hacked account (which includes what to look out for).
- If you’ve been tricked into providing your banking details, contact your bank and let them know.
- If you've given out your password, you should change the passwords on any of your accounts which use the same password.
- If you've lost money, tell your bank and report it as a crime to Action Fraud, the reporting centre for cyber crime, or you can contact them on 0300 123 2040.