This morning, Rachel Martin of NPR aired a story entitled “Sounding the alarm about a new Russian cyber threat” reporting that both the U.S. and U.K. have issued warnings that “Russia is actively preparing for a future cyberwar against the West.” The story pointed to a United States Computer Emergency Readiness Team (US-CERT) alert, last updated on April 20.

The US-CERT alert contained a lot of technical information aimed at those who maintain a large network. But how should the rest of us with home Wi-Fi routers and smaller home office networks respond?

During a discussion one UD IT staff member had with his church community, the parishioner who set up the church’s network offered this common sense advice:

These [Russian] attacks have been ongoing since at least last fall and are mainly targeting large corporations, research institutions, and utility infrastructure. The hackers are mostly gaining access through social engineering, including phishing and spear phishing, or by taking advantage of poor cybersecurity practices at targeted facilities. Those methods have been highly effective, and they have gained elevated access to a number of corporations and utilities.

The biggest risk as a home user or small office is to be compromised as part of a botnet or cryptocurrency mining operation or to be used as a “safe haven” for illicit content. You don’t want any of that, but those situations can be prevented by some simple steps:

  • Change your router Wi-Fi password and administrator password to something other than the default password(s), otherwise attackers can easily gain access to either side of your router. If you don’t know how to do that, ask your internet service provider (Comcast, Verizon, etc.).
  • Don’t install software unless you are absolutely sure of its provenance and your need for it. “We need to install this software so that you can play our free game,” is not OK.
  • Don’t open unknown or unexpected e-mail attachments. A common phishing trick is to send you an “invoice past due” email with an attachment that you can “review.” Whoops! Download the file and you may have downloaded malware.
  • Keep up with all your computers’ security patches!
  • Don’t buy networking or computing equipment off of eBay or other used sources unless you are absolutely sure of what you are doing.
  • Don’t allow unknown devices (even phones) to be plugged into your computer.
  • If you find a USB stick labeled “Party Pics” or “Top Secret: Not for distribution” in a parking lot, don’t plug it into your computer.

There are a lot more things to be done if your work is of a secure nature, but these common-sense steps will prevent all but the most persistent attackers from obtaining access to your home or small office Wi-Fi network.

For more information about best practices UD employees should follow, consult with your departmental or college IT staff or review the Best Practices at the Secure UD website. And above all,

Think B4 U Click!