Cyber security
Most household cyber compromises are not sophisticated attacks. They are the consequence of reused passwords, default router credentials, and data stored only in one place that nobody tested restoring. The Texas family whose home computer was ransomed for $1,200 in 2024 — then targeted again weeks after paying — lacked a tested backup. That is the story of most residential cyber incidents: ordinary failures, not extraordinary attacks.
This page covers the operational cybersecurity layer for households, with a focus on maintaining access to critical information and communications during disruption. For coverage of infrastructure-scale attacks, see the threats section.
Passwords and account security
Credential reuse is the single most common preventable failure. When one site is breached — and breaches happen at thousands of services every year — every account that shares that password becomes vulnerable. The fix is straightforward: a unique, randomly generated password for every account, stored in a password manager.
A password manager (Bitwarden, 1Password, and KeePassXC are widely used options) generates and stores passwords you never need to memorize. Your only task is protecting one strong master password and access to your email recovery address.
Multi-factor authentication (MFA) requires a second verification step — typically a time-based code from an authenticator app — in addition to your password. Enable it on every account that supports it, starting with:
- Primary email account (compromise of this unlocks everything else via password resets)
- Banking and financial services
- Cloud storage and document services
- Any service tied to your phone number or home address
Avoid SMS-based MFA (text messages) for high-value accounts when an app-based option is available. SIM-swapping attacks can intercept text codes.
Store MFA recovery codes offline. When you set up MFA on a new account, you receive one-time backup codes. Print them and store them with your household documents, or write them in a dedicated recovery book. A locked phone without backup codes locks you out of every account simultaneously.
Email is the master key
Whoever controls your primary email address controls your entire digital life through password resets. Protect it with the strongest password you have and app-based MFA. Treat it with the same priority as your primary banking credentials.
Network segmentation for IoT devices
Modern households run dozens of internet-connected devices — thermostats, security cameras, smart speakers, baby monitors. Many of these devices have poor security track records: default passwords, infrequent firmware updates, and limited encryption. Placing them on the same network as your computers and phones creates a lateral movement path: an attacker who compromises a camera can pivot to your laptop.
The solution is network segmentation: placing IoT devices on a separate VLAN (Virtual Local Area Network) or guest Wi-Fi network that cannot communicate with your primary devices. Most modern home routers support this natively through a guest network feature.
Steps for basic segmentation:
- Log into your router's admin interface
- Enable the guest network (or create a separate VLAN if your router supports it)
- Connect all smart home devices, cameras, and appliances to this secondary network
- Verify that devices on the secondary network cannot access your primary network — most routers enforce this by default in guest mode
Devices that benefit from isolation: security cameras, smart TVs, game consoles, smart speakers, IoT appliances. Devices that should remain on your primary network: computers, phones, and network-attached storage.
Field note
The fastest way to check whether your guest network is actually isolated: connect a device to it and attempt to browse to your router's admin interface (usually 192.168.1.1 or 192.168.0.1). If the admin page loads from the guest network, isolation is not working.
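The field-note check can be scripted and extended to other devices on your primary network. The following is an added example, not part of the original page: run it from a device joined to the guest network. The function names and the port list are assumptions, and a TCP connection test is a coarser signal than loading the admin page in a browser.

```python
import socket
import sys

# Assumed defaults: the two router admin addresses named in the field note,
# probed on the usual web-admin ports. Add your own primary-network devices.
DEFAULT_TARGETS = [("192.168.1.1", 80), ("192.168.1.1", 443),
                   ("192.168.0.1", 80), ("192.168.0.1", 443)]


def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt as open, refused or blocked."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # something accepted the connection: a leak
    except ConnectionRefusedError:
        return "refused"       # an active reject came back: review by hand
    except OSError:
        return "blocked"       # timeout or no route: traffic was dropped


def check_isolation(targets=DEFAULT_TARGETS, timeout=2.0):
    """Probe every (host, port) pair and group the pairs by outcome."""
    report = {"open": [], "refused": [], "blocked": []}
    for host, port in targets:
        report[probe(host, port, timeout)].append((host, port))
    # Isolation fails as soon as one primary-network service accepts us.
    report["isolated"] = not report["open"]
    return report


if __name__ == "__main__":
    # Extra targets as host:port arguments, for example a NAS on the
    # primary network (constructed address): 192.168.1.50:445
    extra = [(h, int(p)) for h, p in (a.rsplit(":", 1) for a in sys.argv[1:])]
    result = check_isolation(DEFAULT_TARGETS + extra)
    for state in ("open", "refused", "blocked"):
        for host, port in result[state]:
            print(f"{state:8} {host}:{port}")
    print("isolated" if result["isolated"] else "NOT isolated")
    sys.exit(0 if result["isolated"] else 1)
```

A "refused" result means a reject came back rather than silence, either from the device itself or from a firewall that rejects instead of dropping, so confirm those entries in the router's settings.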
Offline data backups
Digital records you cannot access without internet connectivity are not preparedness assets — they are liabilities waiting for the moment when the internet is unavailable. Bank account numbers, insurance policy details, medical records, identity documents, property deeds, emergency contacts: all of these need to exist somewhere you can reach them when systems fail.
The 3-2-1 backup rule is the baseline standard: three copies of your data, on two different media types, with one copy off-site.
For households:
- Copy 1: Active data on your computer or phone
- Copy 2: External hard drive or USB drive stored at home, encrypted
- Copy 3: Encrypted cloud backup or a second external drive kept off-site (at a trusted family member's home, a safe deposit box, or a rented storage unit)
Encryption for stored drives: Any external drive containing identity documents, financial records, or personal data should be encrypted. BitLocker (built into Windows Pro), FileVault (built into macOS), or VeraCrypt (free, cross-platform) all provide strong encryption. A lost or stolen encrypted drive is a minor inconvenience. An unencrypted drive is a complete identity compromise.
Test your restores. A backup you have never tested restoring is not a backup — it is a hope. Schedule a restore test quarterly: pick a file or folder from your backup drive, restore it to a temporary location, and confirm the contents are intact and accessible.
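One way to make "confirm the contents are intact" concrete is to compare SHA-256 hashes of the originals against the restored copies. This is an added example, not part of the original page; the function names and the report layout are assumptions.

```python
import hashlib
import sys
from pathlib import Path


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_restore(original_dir, restored_dir):
    """Check every file under original_dir against its restored copy."""
    original, restored = Path(original_dir), Path(restored_dir)
    report = {"ok": [], "missing": [], "mismatch": [], "unreadable": []}
    for src in sorted(p for p in original.rglob("*") if p.is_file()):
        rel = src.relative_to(original)
        dst = restored / rel
        if not dst.is_file():
            report["missing"].append(rel.as_posix())
            continue
        try:
            same = sha256_file(src) == sha256_file(dst)
        except OSError:
            # A file that exists but cannot be read is a failed restore too.
            report["unreadable"].append(rel.as_posix())
            continue
        report["ok" if same else "mismatch"].append(rel.as_posix())
    report["passed"] = not (
        report["missing"] or report["mismatch"] or report["unreadable"]
    )
    return report


if __name__ == "__main__":
    # Usage: python verify_restore.py <original_folder> <restored_folder>
    result = verify_restore(sys.argv[1], sys.argv[2])
    for state in ("missing", "mismatch", "unreadable"):
        for name in result[state]:
            print(f"{state:10} {name}")
    print(f"{len(result['ok'])} files verified,",
          "restore OK" if result["passed"] else "restore FAILED")
    sys.exit(0 if result["passed"] else 1)
```

A mismatch on a file you edited after the backup ran is expected; a mismatch or missing entry on a file you have not touched means the backup itself needs attention.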
Printed critical documents: For genuine continuity during infrastructure disruption, keep a physical copy of the following in a fireproof box or sealed waterproof bag:
- Government-issued ID (passport, driver's license) — photocopy
- Insurance policy numbers and emergency contact numbers
- Bank account numbers and routing information
- Medical history, prescription list, and primary care contacts
- Emergency contact list for everyone in the household
VPN use cases
A VPN (Virtual Private Network) encrypts your internet traffic between your device and a VPN server, masking your activity from your ISP and from anyone on the same local network. The legitimate household use cases are narrower than marketing suggests:
- Traveling: Using public Wi-Fi in hotels, cafes, or airports — a VPN prevents traffic interception on untrusted networks
- Accessing home resources remotely: A self-hosted VPN server on your home network allows secure remote access to your NAS, cameras, or NVR without exposing those devices to the public internet
- Maintaining privacy from your ISP: If ISP-level data collection is a concern
A VPN does not protect against phishing, malware, or account compromise. It is one layer in the stack, not a comprehensive solution.
When internet-connected systems fail
Preparedness means knowing what happens to your digital dependencies when connectivity disappears.
Map your critical functions against their connectivity requirements:
| Function | Connectivity needed? | Offline alternative |
|---|---|---|
| Emergency contacts | No (if stored locally) | Printed list |
| Banking access | Yes — plan around it | Cash reserve |
| Communication | Depends on platform | Radio, in-person rally points |
| Medical records | No (if backed up) | Printed summary |
| Security camera monitoring | No (if local NVR) | Local monitoring only |
| Navigation | No (if offline maps loaded) | Paper maps |
Download offline maps to your phone before they're needed. Google Maps and Maps.me both support offline map downloads. Your phone becomes a functional GPS navigator without any data connection.
For financial continuity during extended outages, maintain a cash reserve sufficient for 2 to 4 weeks of household expenses. Bank access and electronic payments routinely fail during extended grid or infrastructure disruptions. Cash is the universal fallback.
Router and device hygiene
Your router is the gateway to every device on your network. A compromised router means traffic from every connected device can be intercepted or redirected.
Minimum configuration steps:
- Change the router's default admin username and password immediately after setup
- Use WPA3 encryption for your Wi-Fi network (WPA2 is acceptable if WPA3 is unavailable; never use WEP or WPA)
- Disable WPS (Wi-Fi Protected Setup) — it has known vulnerabilities
- Enable automatic firmware updates, or check for updates quarterly
- Disable remote management features unless you have a specific need for them
For all devices on the network: keep operating systems and applications updated. The majority of successful malware attacks exploit vulnerabilities that had patches available for months before exploitation. Updates are the single most impactful security action available to a home user.
Cyber security checklist
- Install a password manager and eliminate all reused passwords, starting with email and banking
- Enable app-based MFA on email, banking, and cloud storage accounts
- Store MFA recovery codes printed offline in your household documents
- Create a separate guest network or VLAN for all smart home and IoT devices
- Establish a 3-2-1 backup: local computer, encrypted external drive, off-site or cloud copy
- Test backup restoration quarterly — confirm files are actually accessible
- Download offline maps for your area and likely evacuation routes
- Print critical documents (IDs, insurance, contacts, medical summary) for a fireproof box
- Change router admin password, disable WPS, verify WPA3 is enabled
- Check router firmware version and update if needed
- Maintain a cash reserve for 2 to 4 weeks of expenses
Strong digital security supports the rest of your preparedness posture. The OPSEC page covers the operational layer — what information you share publicly about your preparations, and with whom.