A router on a desk for a story on router security.

When it comes to safeguarding your personal data, there may be no more important piece of tech than your humble router.

Because these devices transmit all the data that flows in and out of your home, including email and credit card information, routers have long been a favorite target for hackers.

In Symantec’s 2018 Internet Security Threat Report, routers were cited as the most frequently exploited type of device in IoT attacks.

Hackers can use malware or design flaws to hide their identity, steal bandwidth, turn your devices into botnet slaves, or worse. They can also take advantage of improperly set up devices.

Most recently, VPNFilter malware, which affected half a million routers, disabled SSL encryption in infected routers. This allowed hackers to see data in plain text and steal passwords or financial information.

To prevent that and other security problems, here are some tips that will help you keep your family’s data and devices safe.

More on Digital Security

Some steps can be done quickly after logging in to your router, such as creating stronger passwords and turning on automatic updates. But others, such as installing antivirus software, require a bit more effort.

Ideally, you should do all of them. But following just two or three of these steps can help to keep your private data safe.

Update Your Firmware

Router manufacturers typically roll out software updates throughout the year to address security problems. If your router has the latest updates, you're much less likely to be infected with VPNFilter or another form of malware. 

Newer models make this relatively easy through a mobile app, which you can download to a phone just like any other app.

For other routers, you'll need to open a web browser and type in the device's IP address. Very often, the address is 192.168.0.1 or 192.168.1.1. But this varies by brand, as do the instructions for downloading and installing your software. So do an online search for the customer support pages for your router model.

Once you update, don't log out.

Instead, take some more time to really strengthen your defense against future attacks. Routers are chronically ignored by many consumers, but Consumer Reports' data security and router experts say that taking the following steps can help protect you going forward.

Turn On Automatic Updates

The easiest way to make sure your router always has the newest, safest software is to set up automatic updates, which are available on many newer models. To see whether this is an option for you, check the router's companion app or look in settings.

If your router doesn't allow automatic updates, you'll have to periodically download and install the new software from the manufacturer's website yourself.

To be safe, do this every quarter, advises Rich Fisco, who leads the router testing at Consumer Reports. You should also see whether there’s a way to get security notices via email from your router’s manufacturer. The best way is to complete the product registration process online, during which you’ll be given the option to receive notifications when new software is available.

But eventually, companies will stop releasing new software for old routers, and just when this happens will vary by brand.

“If you find your router is no longer getting updates,” Fisco says, “it's too risky to keep using it. Verify its status with the manufacturer, and if it has reached the ‘end of life’ stage, buy a new router.”

Use Strong Passwords

If you've never done so, you should change two crucial passwords on your router: the one that lets you manage the device's settings and the one that lets you connect other devices to its wireless network.

This prevents a hacker from using a default password—or one that's easy to guess with a little online sleuthing—to access your network and potentially control your router. If that were to happen, the hacker could change your passwords, spy on you, or access the files on a network-attached hard drive.

Be sure the passwords you create are strong. They should have at least a dozen characters, with seemingly random upper- and lower-case letters, numbers, and symbols. “Having a password people can easily guess only prevents those who are indifferent from breaking in,” says Robert Richter, who oversees CR's security and privacy testing program.

Turn Off Features You Don't Use

Modern routers come with many handy features that help you manage your WiFi network, but some of them also create weak spots in your security wall. “The more things there are to poke at, the more likelihood one of them will break,” Richter says.

So while you’re logged in to your router's settings, take a minute to review applications that could present opportunities for hackers.

If you don't use Remote Administration (also known as Remote Management or web access from WAN), make sure it's turned off. This denies access to the router's control panel from outside your home network. In most routers, the feature is off by default, but you should confirm this by going to the advanced or administration section of the settings menu.

Disable Universal Plug-and-Play, which many home routers have enabled by default. UPnP can help devices on your home network connect to each other, but the added convenience isn't worth the security risk. This feature can make it easier for malware to spread through your network.

To disable UPnP, log in to your router like you would when changing your password. Find the "tools," "advanced," or "advanced networks" menu. From there, make sure the “Enable UPnP” box is unchecked.

After doing so, you may notice hiccups in the performance of certain devices on your network. You may need to retype the WiFi password into a Chromecast streaming stick, for example. But most laptops, speakers, TVs, and printers should make the transition without a hitch.

And last, if you have a guest network without a password, disable it. You don't want unwanted guests using it without permission. Not even the neighbors' kid, who may decide to download movies illegally via your internet connection.

Install Antivirus Software

Antivirus software can protect your router—and by extension all devices connected to it—by identifying malicious software used to collect and encrypt the personal data on a computer, rendering it useless.

Just make sure you download the software from the manufacturer's official website, because scammers have been known to create fake sites. And double-check whether you're downloading the free or paid version. 

There are good arguments for both.

No-cost applications, such as Avira Free Antivirus, can be very effective, and several have done well in Consumer Reports testing. However, the software you pay for tends to offer extra benefits. It may provide protection against phishing schemes used by cyberthieves to trick people into giving up login credentials or financial information, for example. It may also feature antispam protection, built-in backup software, and a browser toolbar that alerts you when you're visiting a site that hosts malware.

Use WPA3 When It's Available

Security protocols for routers improve over time, which means the old ones get outdated. The WiFi Alliance, which oversees technical standards for wireless networks, has now rolled out a new protocol, WPA3

The protocol essentially makes it much harder for criminal enterprises to guess your network password by using hacking tools to automatically cycle through tens of thousands of possibilities, says Kevin Robinson, vice president of marketing at the Wi-Fi Alliance.

New laptops and other products start coming equipped with WPA3 this summer. As they go on sale they will be listed on the WiFi Alliance's Product Finder.

But you'll also be able to update many existing routers. Check for updates in your router settings.

Until WPA3 rolls out, the best network security is provided by a protocol called WPA2-AES. Make sure in your router settings that you have that protocol turned on and an older protocol called WEP turned off.

If you have a really old device, it may not support WPA2-AES.

“Unfortunately, router manufacturing and security research aren’t always aligned,” says Richter. “So older routers may not be equipped with newer protocols.”

If you have one of those routers, he says, it's time to replace it.