While grubbing around in my usual diet of sci/tech news websites I came across this article in The Register which rather elegantly describes how taking over a domestic pocket- (or any other) computer can lead to the bad guys gaining control of a home router and thus controlling the network access of every other home device connected through that router. So I started excitedly attempting to describe this concept to my family in what I fondly imagined were non-technical terms. After the conversation wandered up a few blind alleys and back-tracked several times to try to establish context it came to a juddering halt when I was asked: ‘But what can normal people do about this?’.

Various smart-Alec retorts about computer security leapt towards my lips but I managed to keep most (or at least some) of them behind my teeth. Yes, what can Joe ‘Smartphone’ User do? Yes, I know we should all keep our smartphone software up to date - but how do we do that? How to make sure that Joe does? Anyway, that won’t protect us if our local router starts redirecting our devices to malicious sites. Yes, we should be careful about installing unapproved software on our devices - but that still won’t protect us if one of our family members takes a risk and as a result compromises our home router. Yes, our smartphone providers should carefully vet their approved software but we’re still at risk if something bad slips past their scrutiny. And what about connecting to the WiFi in our favourite bijou café, pub or friend’s house - would that be safe? Is everyone who connects to it as concientious, capable and benign as we and all our family, no doubt, are? What can we know about the router’s maintenance or security? Perhaps we should just advise people to never connect to WiFi that they don’t know is clean - good luck spreading that message, especially as we haven’t defined how we can ‘know’…

One answer might be for the ISPs to deliver to every customer a router with a built-in outgoing firewall which has to be configured by the users to allow specific traffic from each specific inside device… fat chance - such a router would be almost immediately replaced by every non-tech household with something more ‘user-friendly’.

It seems to me that the only place this can sensibly be addressed is if our ISPs monitor what is coming out of our routers and where it’s going. Anyone got any privacy concerns about that? Also, can you imagine the conversation when your ISP calls you to tell you that your home network has been compromised?

But hold on! The question was ‘what can normal people do about this?’. Not ‘what should other people do to keep us safe?’. The answers might be a bit depressing for many people:

  • Don’t use the same device for entertainment and business purposes. If you use your phone for social media and playing games, then don’t use it to buy stuff or to do your on-line banking. Keep things separate in your mind and on your computers.

  • Don’t do your on-line banking while connected on random strangers’ WiFi connections. Your local café probably does not have an IT security expert to set up and maintain the WiFi connection that they offer to their customers and passing strangers. They probably also disclaim responsibility if bad things happen to your device or bank account while connected through their service (well, I would).

  • Never reveal on social media facts about yourself that are also used to validate your identity on other services. If your bank asks a security question like ‘what was your place of birth?’ then offer the answer ‘the dark side of the Moon’ or ‘Poundland’ or something equally peculiar to you - but don’t use the truth. You do need to keep track of what fibs you’ve used for each service though.

  • Never use the same password for entertainment and business services. Use different passwords for every service you use. It’s not impossible to do - just a bit inconvenient. If you can’t remember the details, use a password store such as Keepass. If one of the services you use gets compromised (whether it’s through them being hacked or you being conned) then the rest of your services should be safe.

  • Read the instructions. If you’re just subscribing to a new service then read what they ask you to agree to and think about why they want you to agree. If you don’t understand the agreement or why they want you to agree, don’t.

  • Be aware. If something looks different when you’re connected via a new network then it probably is different - but be aware the difference may be subtle. The service provider may have just picked that moment to change things or you may be on a compromised network. Unless you’re a techie and think you fully understand it then don’t take the risk.

Of course, you don’t have to do this stuff if you don’t want to. You’ll be fine. It’s all being covered by the geeks and nerds who invent and run these services. They have a technical word for people who blindly consume these services; ‘victims’.