Security begins at home – how to do a “back to basics” security overhaul on your family network

  • TECH
  • Monday, 11 Nov 2013


My wife recently went back to work after spending a considerable amount of time away to look after our children.

With her work and home IT needs now converging on our family network, this got me thinking about security in a whole new way.

For over a decade now I've been responsible for maintaining security resources and advising Sophos customers and partners about security best practices.

I also do a fair bit of public speaking for Sophos on emerging threats and protection strategies and am always in contact with IT professionals and end users.

What I haven't done so well is make sure that those closest to me get the same benefit from my experience.

While I practice what I preach, it occured to me that my family doesn't get the equivalent level of attention.

The old adage about the cobbler's kids came surging to mind.

So here's a checklist of what I did.

Getting started

The first step was to get a laptop and configure it with all the necessary tools.

My wife works for a company that provides online services and is fortunate to work from home most of the time.

It also means that she spends a considerable amount of time online and handling potentially sensitive information.

The company is a small start-up, so she is mostly on her own when it comes to providing and securing these tools.

The basics

Since she is comfortable with computers, but by no means an expert, I went with the sensible option of Windows 7 Ultimate with Microsoft Office and Chrome.

This combination makes my job much easier when it comes to off-the-shelf hardware, general availability of tools, patching and compatibility of software.

And of course, I also made sure that the laptop was running up-to-date anti-virus software.


With all the software installed, it was time to think about disk encryption.

I chose BitLocker because it gives me full disk encryption built into the operating system.

(Linux and Mac users have similar built-in options in the form of cryptsetup and FileVault2.)

If you plan on having any sensitive information on a portable device, I highly recommend that you encrypt it.

File storage and sharing

Next we looked at ways to securely share and store files in the cloud.

I've been using ownCloud for some time so I created an account on my server for my wife.

The benefit of ownCloud is that it allows me to control how and where the files are stored.

It also serves as a handy way to back up her files automatically by using the sync client, and works equally well on a smartphone.

If you prefer to use some of the available free cloud services for file storage and portability, make sure you understand how it's all secured and consider adding your own layer of encryption as well.


Then came the end-user training.

This is where we talked about the benefits of complex passwords and using different passwords for every site you interact with.

(Enjoy this video? Check out the SophosLabs YouTube channel.)

Like many users, my wife at first balked at the concept of different (and complex) passwords for every site.

However, she's been using a password manager, in her case, LastPass, for some time, so choosing new and secure passwords was easy.

The password manager also made adding two-factor authentication relatively painless.

Securing the network

Let's not forget about the network.

At home, we use the free Sophos UTM Home Edition which looks after our firewall needs as well as providing web and email filtering, intrusion prevention and a VPN (virtual private network) for secure remote access.


Since we’re talking networks, I should mention that our home wireless network is also set up with security in mind.

I have nearly 20 devices that require connectivity, and although I still use wired Ethernet for some devices, for others, Wi-Fi is my only choice.

With that in mind I selected WPA2 Personal for my security mode with a 20 character passphrase.

Sure, it’s long and complex but I only had to enter it once on each device - the device are good at remembering it so I don’t have to.

Smartphone protection

I also encrypted my wife's smartphone too, and ensured she had better than a four-digit passcode to unlock it.

After all, she receives work and personal email on this device.

While I was at it, I installed the Google Authenticator app so we could add two-factor authentication to all of her social media sites - especially Facebook and Twitter, which she uses both for work and for play.

Was it worth the trouble?

This was an interesting exercise, and well worth the time I spent on it.

My wife will undoubtedly be safer and more secure online; her employer's data will be safer, too, thus spreading the benefits well beyond our own network.

It also provided me with a good checklist to go out and evaluate the security posture of my friends and family .

After all, if I'm going to provide them with technical support, I might as well make sure they're standing on a good foundation.

Now, time to go explain elliptic curve cryptography to the kids!


About John Shier

John Shier is a Senior Security Expert at Sophos. John is a popular presenter at security events, and is well-known for the clarity of his advice, even on the most complex security topics. John doesn't just talk the talk: he also gives hands-on technical support and product education to Sophos partners and customers.  He wrote this for the Sophos Naked Security blog: Sophos is headquartered in Oxford, UK,
Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

Stories You'll Enjoy