Cyber security

Most household cyber compromises are not sophisticated attacks. They are the consequence of reused passwords, default router credentials, and data stored only in one place that nobody tested restoring. The Texas family whose home computer was ransomed for $1,200 in 2024 — then targeted again weeks after paying — lacked a tested backup. That is the story of most residential cyber incidents: ordinary failures, not extraordinary attacks.

This page covers the operational cybersecurity layer for households, with a focus on maintaining access to critical information and communications during disruption. For coverage of infrastructure-scale attacks, see the threats section.

Passwords and account security

Credential reuse is the single most common preventable failure. When one site is breached — and breaches happen at thousands of services every year — every account that shares that password becomes vulnerable. The fix is straightforward: a unique, randomly generated password for every account, stored in a password manager.

A password manager (Bitwarden, 1Password, and KeePassXC are widely used options) generates and stores passwords you never need to memorize. Your only task is protecting one strong master password and access to your email recovery address.

Multi-factor authentication (MFA) requires a second verification step — typically a time-based code from an authenticator app — in addition to your password. Enable it on every account that supports it, starting with:

  • Primary email account (compromise of this unlocks everything else via password resets)
  • Banking and financial services
  • Cloud storage and document services
  • Any service tied to your phone number or home address

Avoid SMS-based MFA (text messages) for high-value accounts when an app-based option is available. SIM-swapping attacks can intercept text codes.

Store MFA recovery codes offline. When you set up MFA on a new account, you receive one-time backup codes. Print them and store them with your household documents, or write them in a dedicated recovery book. A locked phone without backup codes locks you out of every account simultaneously.

Email is the master key

Whoever controls your primary email address controls your entire digital life through password resets. Protect it with the strongest password you have and app-based MFA. Treat it with the same priority as your primary banking credentials.

Network segmentation for IoT devices

Modern households run dozens of internet-connected devices — thermostats, security cameras, smart speakers, baby monitors. Many of these devices have poor security track records: default passwords, infrequent firmware updates, and limited encryption. Placing them on the same network as your computers and phones creates a lateral movement path: an attacker who compromises a camera can pivot to your laptop.

The solution is network segmentation: placing IoT devices on a separate VLAN (Virtual Local Area Network) or guest Wi-Fi network that cannot communicate with your primary devices. Most modern home routers support this natively through a guest network feature.

Steps for basic segmentation:

  1. Log into your router's admin interface
  2. Enable the guest network (or create a separate VLAN if your router supports it)
  3. Connect all smart home devices, cameras, and appliances to this secondary network
  4. Verify that devices on the secondary network cannot access your primary network — most routers enforce this by default in guest mode

Devices that benefit from isolation: security cameras, smart TVs, game consoles, smart speakers, IoT appliances. Devices that should remain on your primary network: computers, phones, and network-attached storage.

Field note

The fastest way to check whether your guest network is actually isolated: connect a device to it and attempt to browse to your router's admin interface (usually 192.168.1.1 or 192.168.0.1). If the admin page loads from the guest network, isolation is not working.
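The same check as a script, run from a device joined to the guest network. This is an added example, not part of the original page; it extends the field note to cover a primary-network device as well as the router admin page, and the 192.168.1.50 entry is a constructed placeholder for a device you own.

```python
import socket

# Router admin addresses named in the field note, plus one constructed
# placeholder standing in for a primary-network device such as a NAS.
TARGETS = [
    ("192.168.1.1", 80), ("192.168.1.1", 443),
    ("192.168.0.1", 80), ("192.168.0.1", 443),
    ("192.168.1.50", 445),  # placeholder: replace with a device you own
]


def tcp_probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt as open, refused or blocked."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back, so something on that path answered.
        return "refused"
    except OSError:
        # Timed out or unroutable: the traffic was dropped.
        return "blocked"


def check_isolation(targets, probe=tcp_probe):
    """Run from the guest network; report which primary-side targets answer.

    "open" entries are isolation failures. "refused" entries deserve a
    second look, because the reply may have come from the device itself.
    """
    results = {(host, port): probe(host, port) for host, port in targets}
    opened = [t for t, state in results.items() if state == "open"]
    refused = [t for t, state in results.items() if state == "refused"]
    return {"isolated": not opened, "open": opened, "refused": refused}


if __name__ == "__main__":
    report = check_isolation(TARGETS)
    for host, port in report["open"]:
        print(f"REACHABLE from guest network: {host}:{port}")
    for host, port in report["refused"]:
        print(f"Answered with a reset, review manually: {host}:{port}")
    print("Guest network isolated" if report["isolated"]
          else "Isolation is NOT working")
```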

Offline data backups

Digital records you cannot access without internet connectivity are not preparedness assets — they are liabilities waiting for the moment when the internet is unavailable. Bank account numbers, insurance policy details, medical records, identity documents, property deeds, emergency contacts: all of these need to exist somewhere you can reach them when systems fail.

The 3-2-1 backup rule is the baseline standard: three copies of your data, on two different media types, with one copy off-site.

For households:

  • Copy 1: Active data on your computer or phone
  • Copy 2: External hard drive or USB drive stored at home, encrypted
  • Copy 3: Encrypted cloud backup or a second external drive kept off-site (at a trusted family member's home, a safe deposit box, or a rented storage unit)

Encryption for stored drives: Any external drive containing identity documents, financial records, or personal data should be encrypted. BitLocker (built into Windows Pro), FileVault (built into macOS), or VeraCrypt (free, cross-platform) all provide strong encryption. A lost or stolen encrypted drive is a minor inconvenience. An unencrypted drive is a complete identity compromise.

Test your restores. A backup you have never tested restoring is not a backup — it is a hope. Schedule a restore test quarterly: pick a file or folder from your backup drive, restore it to a temporary location, and confirm the contents are intact and accessible.

Printed critical documents: For genuine continuity during infrastructure disruption, keep a physical copy of the following in a fireproof box or sealed waterproof bag:

  • Government-issued ID (passport, driver's license) — photocopy
  • Insurance policy numbers and emergency contact numbers
  • Bank account numbers and routing information
  • Medical history, prescription list, and primary care contacts
  • Emergency contact list for everyone in the household

VPN use cases

A VPN (Virtual Private Network) encrypts your internet traffic between your device and a VPN server, masking your activity from your ISP and from anyone on the same local network. The legitimate household use cases are narrower than marketing suggests:

  • Traveling: Using public Wi-Fi in hotels, cafes, or airports — a VPN prevents traffic interception on untrusted networks
  • Accessing home resources remotely: A self-hosted VPN server at your home network allows secure remote access to your NAS, cameras, or NVR without exposing those devices to the public internet
  • Maintaining privacy from your ISP: If ISP-level data collection is a concern

A VPN does not protect against phishing, malware, or account compromise. It is one layer in the stack, not a comprehensive solution.

When internet-connected systems fail

Preparedness means knowing what happens to your digital dependencies when connectivity disappears.

Map your critical functions against their connectivity requirements:

Function | Connectivity needed? | Offline alternative
Emergency contacts | No (if stored locally) | Printed list
Banking access | Yes — plan around it | Cash reserve
Communication | Depends on platform | Radio, in-person rally points
Medical records | No (if backed up) | Printed summary
Security camera monitoring | No (if local NVR) | Local monitoring only
Navigation | No (if offline maps loaded) | Paper maps

Download offline maps to your phone before they're needed. Google Maps and Maps.me both support offline map downloads. Your phone becomes a functional GPS navigator without any data connection.

For financial continuity during extended outages, maintain a cash reserve sufficient for 2 to 4 weeks of household expenses. Bank access and electronic payments routinely fail during extended grid or infrastructure disruptions. Cash is the universal fallback.

Router and device hygiene

Your router is the gateway to every device on your network. A compromised router means traffic from every connected device can be intercepted or redirected.

Minimum configuration steps:

  1. Change the router's default admin username and password immediately after setup
  2. Use WPA3 encryption for your Wi-Fi network (WPA2 is acceptable if WPA3 is unavailable; never use WEP or WPA)
  3. Disable WPS (Wi-Fi Protected Setup) — it has known vulnerabilities
  4. Enable automatic firmware updates, or check for updates quarterly
  5. Disable remote management features unless you have a specific need for them

For all devices on the network: keep operating systems and applications updated. The majority of successful malware attacks exploit vulnerabilities that had patches available for months before exploitation. Updates are the single most impactful security action available to a home user.

Field note

The router's default DNS server is often your ISP's — which logs every domain your household queries. Switching to a privacy-respecting DNS resolver (Cloudflare 1.1.1.1 or Quad9 9.9.9.9) takes two minutes in the router admin interface and eliminates that specific data collection path without any change in browsing experience.

Household device audit

Most households have no inventory of what is connected to their network. A device audit identifies every internet-connected item, verifies its firmware is current, and establishes a maintenance rhythm. Walk through this audit quarterly.

Field note

Most home networks are compromised through devices nobody remembers connecting. That "smart" plug installed two years ago, the IP camera in the garage, the kids' gaming console that has never been updated — these are the attack surface. You cannot secure what you haven't inventoried.

Room-by-room device inventory

Walk through every room with a notebook. For each device, record:

  1. Device name and type (thermostat, camera, smart speaker, appliance)
  2. Manufacturer and model number (printed on the device or in its companion app)
  3. Current firmware version (check the device's settings menu or companion app)
  4. Default credentials changed? (yes/no — if no, change them now)
  5. Network assignment (primary or guest/IoT network)

Common locations people miss: garage door openers with Wi-Fi, smart smoke detectors, irrigation controllers, printer/scanner combos, gaming consoles, and smart plugs behind furniture.

Work through each room in order. A typical household inventory by zone:

Zone | Devices to check
Living room | Smart TV, streaming stick, game console, smart speakers, smart plugs
Kitchen | Smart refrigerator, connected range/oven, coffee maker with Wi-Fi app
Bedrooms | Tablets, phones, smart alarm clocks, air quality monitors
Bathroom | Smart scale, connected showerhead or water monitor
Office | Laptops, desktop PCs, printers, scanners, smart power strips
Garage | Garage door opener with Wi-Fi, EV charger, security cameras
Exterior | Video doorbells, outdoor cameras, smart irrigation controller
Utility | Smart thermostat, connected water heater, smoke/CO detectors with Wi-Fi

Factory reset procedures by device type

Factory resets serve two purposes: wiping a device you're disposing of, and restoring a device you suspect may have been compromised. The procedure varies by device type.

Router:

  1. Locate the physical reset button (typically recessed, requires a pin or paperclip)
  2. With the router powered on, hold the reset button for 10–30 seconds until the status lights cycle
  3. Wait 2–3 minutes for the unit to fully restart in factory state
  4. Reconfigure from scratch: new admin password, new Wi-Fi credentials, re-enable WPA3, re-create your IoT guest network

Smart speaker (Amazon Echo, Google Nest, Apple HomePod):

  • Echo: open the Alexa app → Devices → select the device → Deregister, then hold the Action button for 20 seconds until the light ring turns orange and goes off
  • Google Nest: open the Google Home app → Settings → Remove device, then hold the microphone mute button for 10+ seconds
  • HomePod: in the Home app, long-press the device → Settings → Reset HomePod, or hold the top surface until the spinning light appears

Security camera (indoor/outdoor):

  1. Remove the device from your camera platform or NVR account first
  2. Hold the physical reset button (usually under the base or in the cable port) for 10–15 seconds
  3. After reset, confirm the camera is showing the factory setup prompt before disposal
  4. For cameras with SD card storage: remove and format the SD card separately — factory reset does not always overwrite recorded footage

Smartphone or tablet:

  • iOS: Settings → General → Transfer or Reset iPhone → Erase All Content and Settings (sign out of iCloud before this step)
  • Android: Settings → General Management → Reset → Factory Data Reset (sign out of Google account first)
  • Before reset: revoke the device from your cloud accounts (Find My, Google Account devices list) and remove it from any smart home platforms

Sign out before resetting

Factory resetting a phone or tablet without first signing out of iCloud or Google can leave the device locked to your account — meaning a buyer or recipient cannot use it, and the device may appear to be wiped but still request your credentials. Always sign out, then reset.

Firmware update schedule

Device type | Update frequency | How to check
Router/access point | Monthly | Admin interface → firmware section
Security cameras | Monthly | Manufacturer app or web portal
Smart speakers and displays | Automatic (verify quarterly) | Device settings → software version
Smart locks | Quarterly | Manufacturer app → device info
IoT appliances (fridge, washer) | Quarterly | Manufacturer app or support site
Computers and phones | Enable automatic updates | OS settings → update section
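The room-by-room inventory and the update schedule above can be kept as a spreadsheet and checked together. This is an added example, not part of the original page: the CSV column names, the sample devices, the `last_checked` column, and the 31-day and 92-day readings of "monthly" and "quarterly" are assumptions.

```python
import csv
import io
from datetime import date

# Days between firmware checks, from the schedule table
# (assumption: monthly = 31 days, quarterly = 92 days).
CHECK_INTERVAL = {"router": 31, "camera": 31, "smart speaker": 92,
                  "smart lock": 92, "appliance": 92}
# Device types the page says belong on the guest/IoT network.
ISOLATE = {"camera", "smart tv", "game console", "smart speaker", "appliance"}

# Constructed sample inventory; last_checked is an added column.
SAMPLE = """name,type,firmware,creds_changed,network,last_checked
Garage cam,camera,2.1.4,no,primary,2025-01-10
Main router,router,1.0.9,yes,primary,2025-05-20
Kitchen speaker,smart speaker,88.2,yes,guest,2025-01-02
Hall plug,appliance,0.9,yes,guest,
"""


def audit(csv_text, today):
    """Return (device, finding) pairs for every rule an entry breaks."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name, kind = row["name"], row["type"].strip().lower()
        if row["creds_changed"].strip().lower() != "yes":
            findings.append((name, "default credentials not changed"))
        if kind in ISOLATE and row["network"].strip().lower() == "primary":
            findings.append((name, "move to guest/IoT network"))
        limit = CHECK_INTERVAL.get(kind)
        if limit is None:
            continue  # computers and phones: rely on automatic updates
        if not row["last_checked"]:
            findings.append((name, "firmware never checked"))
            continue
        overdue = (today - date.fromisoformat(row["last_checked"])).days - limit
        if overdue > 0:
            findings.append((name, f"firmware check overdue by {overdue} days"))
    return findings


if __name__ == "__main__":
    for device, finding in audit(SAMPLE, date.today()):
        print(f"{device}: {finding}")
```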

Factory reset before disposal

Any device leaving your household — sold, donated, recycled — must be factory reset first. Connected devices store Wi-Fi credentials, account tokens, and sometimes video or audio recordings.

  1. Before reset: remove the device from your smart home platform (Alexa, Google Home, HomeKit) and deauthorize it from any cloud accounts
  2. Factory reset: hold the reset button (usually 10–15 seconds) or use the manufacturer app's reset function
  3. Verify: power the device back on and confirm it shows the initial setup screen, not your home configuration
  4. Cameras and NVRs: format the SD card or internal storage separately — factory reset does not always wipe recorded footage

Cyber security checklist

  • Install a password manager and eliminate all reused passwords, starting with email and banking
  • Enable app-based MFA on email, banking, and cloud storage accounts
  • Store MFA recovery codes printed offline in your household documents
  • Create a separate guest network or VLAN for all smart home and IoT devices
  • Establish a 3-2-1 backup: local computer, encrypted external drive, off-site or cloud copy
  • Test backup restoration quarterly — confirm files are actually accessible
  • Download offline maps for your area and likely evacuation routes
  • Print critical documents (IDs, insurance, contacts, medical summary) for a fireproof box
  • Change router admin password, disable WPS, verify WPA3 is enabled
  • Check router firmware version and update if needed
  • Maintain a cash reserve for 2 to 4 weeks of expenses

Strong digital security supports the rest of your preparedness posture. The OPSEC page covers the operational layer — what information you share publicly about your preparations, and with whom. For the broader privacy dimension — reducing your digital footprint, managing data broker exposure, and limiting what adversaries can learn about you online — see privacy and anonymity.