Protecting your home network may seem like a daunting task. It’s hard to know where to start and which precautions are the most important.
But fear not!! We have put together a 16-step program to guide you to better cybersecurity at home!
Before we get in to the steps, let’s go over the main concept that binds them all together -- Defense in Depth. The idea behind “Defense in Depth” is simple; the more layers and different kinds of security you have implemented, the more secure you will be.
We should also note that security is a spectrum, where there is no perfect solution. The name of the game is to make it as difficult as possible for the bad guys. If a casual attacker finds it difficult to compromise your network or devices, he or she may just give up. So we encourage you to consider every little thing you can do to improve your security as an accomplishment, and not to worry about being perfect!
So without further ado! On to the Steps!
Step 1: Practice good password security
Passwords are the gateway to all of your devices and accounts, so they are fundamental to good cybersecurity. Guessing passwords or using a computer to quickly try a lot of common passwords remains one of the most common tactics employed by cybercriminals to compromise your accounts and your devices. We recommend using a password manager so that you can employ very long and complex passwords that are different for every account and device without having to remember them all. For more details on good password security visit our password security page.
Step 2: Use multi-factor authentication whenever possible
Multifactor authentication (MFA or 2FA) goes hand-in-hand with good password security. The way it works is that certain websites or devices will allow you configure a second way for the website/device to authenticate your identity, instead of just using your password. When you log in, the website/device will require you to authenticate through both the password and the second method. Usually the second form of authentication involves your mobile phone. For example, you might get a push to your device to approve the login or, the mobile device provides you with a one-time code for you to type in with your password.
MFA dramatically improves security because it requires an attacker to not only know or hack your password, but also to have access to your second form of authentication. Not every website or device offers MFA but more and more are every day. We *strongly* recommend setting MFA up whenever possible. For more details, take a look at our MFA page.
Step 3: Secure your wireless network
Almost every home network wirelessly connected devices to the internet. And from your home you probably can pick up the signal from dozens of other houses or apartments around you. That means that cybercriminals who live near you or drive by your home can also connect to your network if you don’t lock it down. At a minimum you should implement a strong password for both the wireless connection and your router’s admin account and you should configure the wireless connection to use strong encryption. For a complete guide to securing your wireless network, please visit our Wi-Fi security page.
Step 4: Know how your home network is set up and add some layers
“Network topology” is the fancy schmansey term professionals use to describe the way your network is physically set up (including the Wi-Fi parts too). You can do a lot for your home security if you 1) know what your network topology is so that you know where the potential security flaws might be and 2) try to add some layers and variation from the norm so that attackers won’t be able to guess what kinds of security hurdles they’ll have to jump.
The typical home network topology is very simple. It might look like one of the two networks shown in the diagram below.
Now, simple is good so we’re not aiming for complexity here. But there are a couple things about these simple setups that could be improved. In topology “A” on the left, there is only one device that has to be compromised by an attacker in order to potentially gain access to every device connected to the Wi-Fi. Also, in many cases this one device may actually be owned or remotely managed by your Internet Service Provider (ISP). For example, sometimes your ISP pushes updates or configuration settings to the router, through the cable. This can be a good thing because you don’t have to manage firmware updates for the device. But what happens if one of the updates changes your security settings? If you aren’t checking in on them regularly, you might not be as secure as you think you are. Also these modem combos usually offer only basic security features. Because the features are uniform and basic, they are often well known by the bad guys. That makes them easier to compromise.
In topology “B” on the right there are two devices, which is a little bit better, but not much when you consider that the modem may still be owned/managed by the ISP and have the same issues that we just mentioned above. Depending on the wireless router you bought, it may or may not have good security features built in. Odds are, it is made by a large, commonly used company. It may be secure, but that’s not the top priority -- its primary purpose is to provide you with fast internet.
Topology “B” is a good example of the value of knowing your network topology as well. Sometimes when people buy a separate wireless router and plug it in to their ISP-provided modem, they don’t realize that the modem also has Wi-Fi. If the Wi-Fi on the modem is enabled and it doesn’t have good security settings, that can be an easy in-road for an attacker to gain access to your network.
So what do we recommend? Well, no matter what, it’s important to know your topology and then to secure every network device as best as you can. This probably involves changing the default admin password on each device and also adjusting whatever security settings the device offers. Most devices include a firewall which we recommend enabling and configuring even if it is very basic. If you do have topology “B,” and the Wi-Fi is enabled on the modem, we recommend that you disable the Wi-Fi if you’re not going to use it, At the very least, configure it to be as secure as possible. Generally speaking, we recommend that you do everything you can to secure the modem that connects to your ISP. You should consider the ISP to be outside the boundary of your home network. Don’t rely on it for security.
You should also consider adding another device (or even a couple) to your topology that are specifically designed for security. Check out topology C below.
In this topology we’ve basically taken topology B from above and stuck a separate firewall in between the modem and your wireless network. Standalone firewalls can offer some really great features that can dramatically improve your security. Most likely your modem and your wireless router probably have at least basic firewalls built into them. So if you enable all three of them and configure some key firewall “rules” you’re really starting to make things hard on the bad guys. We’ll cover about how to set up firewalls in more depth later. For now, the big take-away is that a cybercriminal would have to compromise 3 devices to get inside your network with a setup like this from the internet. Attackers within range of your wireless signal can still try to break in that way so make sure that wireless is secure!
Let’s just take a look at one more. Topology D below is a more advanced suggestion that can offer security as well as increased performance. Fair warning, it will take a little more effort and know-how to set up.
In this topology, we are essentially starting with topology C and then replacing the combination router and Wi-Fi access points with a dedicated router and multiple access points. Most people use the term “router” to describe the device that provides Wi-Fi because most Wi-Fi devices actually do serve as a router in addition to providing Wi-Fi service. But did you know that it doesn’t have to be that way? Every network needs one or more routers. That’s the device that decides how internet traffic should be forwarded to the devices on the network and also outside of the network. A wireless or Wi-Fi access point is a device that only facilitates communication between a wired network and wireless devices. So with a setup like this, you can actually have multiple access points.
Why would you want that, you might ask?
Well, it can increase your internet performance because each wireless access point will only have to handle a fraction of the traffic that it would have if it was the only access point. Another advantage is that you can spread these access points all over your house so that you can have really good wireless coverage everywhere. These dedicated devices are often more feature rich than the combo devices, so there may be more advanced security settings. For example, a dedicated router probably has a decent firewall in it and those access points probably have more advanced settings that you can play with related to their signal strength and frequency.
Generally speaking, some variation in your home network topology can add valuable layers of security, especially if you include security-specific devices like a dedicated firewall. Remember, the most important thing is that you know what your network topology is so that you know how to secure it. One thing we have not yet mentioned is that the individual devices that connect to your Wi-Fi access points are also a part of your network topology. It’s important to know what devices connect to your network so that you can be aware of security concerns that may relate to individual devices or that may pertain to how the devices are able to talk to one another. We’ll touch on that last part a little more in the next section!
Step 5: Segment your Network
Network segmentation is the practice of dividing your network into isolated parts so that connected devices will only have access to a limited portion of the network. The point of segmentation is to make it harder for an attacker to move from one device they have already compromised to another device on the network. This becomes especially important when you have some devices that have sensitive information and others that do not. Here’s an example that probably applies to your home network. You probably have a laptop where you save most of your important documents and then maybe you also have an IoT device (link to IoT page) like an Amazon Echo in your home as well. Ideally, you would want to connect those two devices to different network segments so that if someone compromises the Amazon Echo they cannot easily compromise your personal laptop because it is in a different segment of the network.
So how do you actually segment your network?
There are a few different ways to segment a network and the options available to you are going to be somewhat dependent on the hardware that you have in your home. If you have a router with multiple Ethernet ports or some other kind of internet switch, you can set up physical segmentation in your network by assigning “subnets” to those physical ports. A subnet is a defined range of IP addresses. Once you do that you can create routing rules and firewall rules between the subnets to really isolate them. Then when you plug a device like a desktop computer or maybe a hub for your smart lightbulbs into those Ethernet ports they will be on different subnets and isolated from each other. If you set up Virtual Local Area Networks (VLANs) you can also achieve the same segmentation with your hardwired devices but the physical port where they are plugged in doesn’t matter. With VLANs the segments are defined based on the device connecting rather than where it is connected.
Some Wi-Fi routers/access points will also let you set up VLANs. In this case your wireless router/access point will virtually isolate the traffic between devices. In some cases this might mean your Wi-Fi devices will have to connect to what appears to be different wireless networks, which are isolated from one another.
As mentioned above, not all hardware offers these segmentation options. If you are interested in implementing them, you should check out the documentation for the devices you already have, see if these features are offered and, if so, how to set them up. You may end up having to buy some fancier equipment.
Probably the easiest and most universally available way to do simple segmentation on a wireless network is just to setup and connect to a guest network. You might think that a guest network should exclusively be used for guests but there is no reason that the lord and/or lady of the house shouldn’t connect their devices through a guest network as well. Guest networks will offer the option to isolate hosts on the wireless network, which essentially means that no device on the network can communicate directly with any other device. This might sound limiting, but the reality is that you usually don’t need your devices to communicate with one another. Most of the time your device only needs to communicate with the internet. So setting up a guest wireless network and connecting all of your devices to it might be a valid security approach for many home users!
Step 6: Set up a firewall or two
Firewalls are key to your online security whether you’re at home or out in the world. A firewall is essentially an internet traffic filter that works based on rules. When a “packet” of data flows through the firewall, the firewall will check the rules in its list and it will decide if the packet must be dropped or if it can be forwarded on to its final destination.
Firewalls can and should be implemented at two different levels for a good defense in depth approach. The first level is the “network” level and the second is the “host” level. A network based firewall is one that runs inside of a dedicated device or possibly inside of your router at the boundary of your local area network. Network firewalls are intended to govern all of the traffic that flows in an out of your whole network and, as a result, their protection applies to all of the devices on your network. A host based firewall runs on an individual device (or host) like your laptop computer for example. This kind of firewall is intended to protect the host on which it is installed and will effectively add a second layer of protection over your network firewall. Host based firewalls will also protect your device when you are away from home and connected to a network that may have no firewall, an improperly configured firewall or a firewall that just isn’t as strict as you’d like it to be. Another advantage of host based firewalls is that they can protect against malicious traffic that attempts to move between hosts on your home network. This kind of host-to-host traffic is commonly used by attackers and is not prevented by a network firewall because the traffic in question flows from device to device entirely “downstream” of the network firewall.
We highly recommend setting up one or more network firewalls at home and also setting up host firewalls on any device where host based firewalls are available. Windows, Apple and Linux operating systems all have built in firewalls for desktop and laptop devices. Mobile devices and IoT devices may or may not have an option to setup a firewall so just do a little research on each of your devices to see if you can set up a firewall.
Ok, so what does it mean to set up a firewall? How do you do it?
Some firewalls make setup simple, perhaps at the expense of some control and security. For example, most consumer routers will offer a basic firewall with basic options where, essentially, the device sets up the firewall rules according to your selections. If you have a firewall like this at the network level, we do recommend enabling it but we also recommend that you supplement it with the protection offered by a dedicated network firewall. A dedicated firewall device is likely to be a little more complicated to configure but you will also have the ability to define rules that will make your network really secure. Similarly, the host based firewalls associated with most major operating systems will offer you flexibility and security. With all of these firewalls, the exact means by which you define the firewall rules will depend on the firewall so you’ll have to do a little bit of research in order to figure out the syntax for defining rules. But let’s go ahead and talk about what kinds of rules you should set up.
Firewall rules are defined for a certain “interface.” You can think of these interfaces as the pipe of information that flows in or out of your network, a segment of your network or a device if you’re talking about a host based firewall. So a firewall ruleset can be defined for traffic flowing in one direction through some interface. You will need to define multiple rulesets (one for each direction of each major interface) in order to properly configure your firewall.
For any set of firewall rules, the firewall will have one of two default actions; “Drop” or “Accept.” If the ruleset is configured as a “default drop” ruleset then internet traffic will be discarded if it doesn’t match any of the individual rules. In this case the individual rules are actually designed to specify the kind of traffic you want to allow through the applicable interface. All other traffic will be dropped by the default action. On the other hand if the ruleset is configured as a “default accept” ruleset then the individual rules will be designed to specify traffic that should be dropped.
The last bit of background information we need to share before we can start recommending specific rules is about the difference between a “Stateless” and a “Stateful” firewall. Most traffic on the internet these days is sent over a connection that must be mutually established by both machines that are communicating. At a basic level, one machine says to another, “I’d like to set up a connection with you” then the second machine on the other side of the world says, “Ok I acknowledge you want to set up a connection, I’d like to set one up with you too.” And then the first machine responds back, “Great, I acknowledge our two way connection.” This kind of process is called a three way “handshake” because there are three steps required to set up the connection. Only after the handshake is complete can you start to transmit data over the connection. While the connection is still being established you could say that each step in the handshake moves the connection into a new “state” that represents where the connection is in the full handshake process. …Which brings us back to our firewalls… “Stateful” firewalls will keep track of the states in the handshake process for every connection being made. Because of this feature, you can define some very important rules that are based on the state of those handshakes. For example, you can block new connections or you can allow established connections. The words “new” and “established” represent different states in the handshake process. A “Stateless” firewall does not keep track of states so you can only define rules based on the details of each individual packet. The firewall will not know if the connection is new or already established; it only sees individual packets. For home applications you are going to want a stateful firewall. The only advantage to a stateless firewall is that they can handle higher data rates because they don’t have to do as much processing. But the extra processing is not going to make a difference to the average home user.
Alright! We’re finally getting to some rule recommendations!
If you’re only going to set up one firewall ruleset, get a stateful firewall and define a default drop ruleset on the interface coming into your network from the internet (this is typically called WAN_IN) and define a rule that accepts established and related connections. This is 1 ruleset, with 1 rule. What this will do for you is it will drop any traffic coming into your internet except for packets that pertain to a connection that was started from inside your network. So when you ask for data from a website, the firewall will let that reply data come in. But if some cybercriminal requests data from a machine in your network, that is a new connection originating from outside the network. New connections do not match the 1 rule, so the firewall will take the default action, which is drop! You can make a rule just like this one on your host based, stateful firewalls too. We recommend it!
The other thing you should do with your firewall, no matter what kind you have, is you should block some “ports.” Ports are like doors between you and the internet. All internet traffic comes through a port and a port can be either open or closed. If it’s closed, nothing can come through. Ports are also numbered and the same number is typically used for any given type of internet traffic. For example, email traffic uses one port and secure website traffic uses a different port. Some ports have to remain open for your devices to communicate over the internet. But there are a lot of ports you don’t need that can be used for malicious purposes. So you should close them. We’ve listed some ports below that you should always close with a firewall rule (i.e. drop traffic through that port). You will notice in the list that some of them are labeled as “TCP” and some as “UDP.” These are two different internet “protocols” and there are a separate set of ports for each. So TCP port 80 is not the same as UDP port 80. Also, in case you’re interested, all that “handshake” talk before was about the TCP protocol. Anyways, on with the list of ports you should block with your firewall.
- 20, 21 TCP – FTP (File Transfer Protocol)
- 22 TCP and UDP – SSH (Secure Shell)
- 23 TCP – Telnet Protocol
- 42 TCP and UDP – Host Name Server Protocol
- 69 UDP – TFTP (Trivial File Transfer Protocol)
- 135-139 TCP and UDP – NetBIOS
- 389 TCP – LDAP (Lightweight Directory Access Protocol)
- 445 TCP and UDP – Microsoft AD/SMB File shares
- 636 TCP and UDP – LDAPS (Secure Lightweight Directory Access Protocol)
- 1433-1434 TCP and UDP – Microsoft SQL Server
- 1512 TCP and UDP – Microsoft’s Windows Internal Name Service
- 3389 TCP and UDP – Microsoft Terminal Server (RDP)
- 3268-3269 TCP and UDP – Microsoft Global Catalog
You can also take the opposite approach and drop packets to all ports except for certain ports you choose to accept. This is called “whitelisting” and it’s actually better for your security. The only down side is that you will need to know exactly what ports you need to use in order to set it up. And that can be harder to figure out and to maintain.
Step 7: Secure your IoT Devices
These days, everyone has Internet of Things (IoT) devices around the home. If it’s not a desktop computer, laptop computer, tablet or mobile device, and it’s connected to the internet it’s an IoT device. We’re talking about things like your connected thermostat, smart TV, fancy lightbulbs and maybe even your coffee maker or fridge. Odds are if the device is labeled as “Smart” it’s an IoT device.
IoT devices are usually pretty unsecure because they are typically designed with only the user experience in mind. In fact, attackers often target IoT devices to gain access to a larger network because they know that they are usually the weakest link in terms of security. So please make sure you take a look at our IoT page and also consider segmenting your network as we discussed earlier on this page.
Step 8: Minimize your devices and applications
The principle of minimization when it comes to cybersecurity is based on the idea that the more you reduce the devices on your network and the applications/services that run on them, the harder it will be for an attacker to find a way in to your network. This is referred to as reducing your “attack surface.” In order for attackers to get to the information they really want, they have to find a vulnerability in some device on your network. This vulnerability might be found in any application that runs on any device. You never know. Attackers a sneaky that way. So it will definitely improve your home security if you take inventory of what devices you have and what applications are installed on them and then you eliminate the ones you don’t really need.
Most computers come with a great deal of applications and services pre-installed and pre-programed to run when the machine starts up. It’s part of how they sell you on the device… “Look at all the great software you get!” But the reality is that you won’t use all that software and you probably won’t keep it up to date with the latest patches. That means there may software on your machine that you aren’t even aware of that may be really easy for an attacker to compromise. So do yourself a favor and uninstall all of those programs that you don’t ever use. It will make it way easier to secure that device.
Same goes for unnecessary devices on your network. If you have a connected coffee maker that you don’t really use or need, then disconnect it from your network or sell that sucker.
If you’d like to read more about minimizing for security’s sake, check out our apps page.
Step 9: Configure privacy settings on devices and applications
Privacy is a close cousin of security. All of the information you send out over the internet can be collected and used by marketing companies or it can be used by cyber criminals to build a dossier on you so that they can more easily steal your identity or hack into your devices. You should consider all information that you send out over the internet to be public information.
What you may not know is that your devices like your laptop, tablet and mobile phone send information about you and your internet/application usage to their manufacturers all of the time! And your applications do the same thing! The good news is that you can opt out of some of this information sharing.
Every device and application has a privacy page somewhere in its settings. We recommend finding that page and reading up on the options you are given. Then go ahead and choose the option that limits the way your information is shared most while still allowing you to use the features you need. Every device and application will have different options, so we can’t really lay them all out for you here, but if there is a privacy option that you don’t understand, just Google it. See what people on the internet community say about that privacy feature. In fact, you can often find full write-ups for most major operating systems and applications where the author will go through every privacy setting, explain it and provide a recommendation. So see what they have to say. The most important thing is for you to know what options are there and to make educated choices about what information is shared.
Step 10: Use Antivirus software on all your devices
Antivirus software is another great tool that will improve your security posture by detecting and eliminating malware from the machines on which the software is installed. Malware is everywhere and it is constantly changing and evolving into new variants. Thankfully, there are a lot of great antivirus products that contain extensive malware definition databases that are almost constantly updated so that the software can detect the latest known strains of malware.
We highly recommend having antivirus installed on every computer, tablet and mobile device that you have. To learn more about Antivirus Software, check out our page on the subject .
Step 11: Consider encrypting your devices
One of the best ways to prevent a cybercriminal from accessing sensitive files on your devices is to encrypt the sensitive files or even the entire storage drive of the device. When all or part of your device is encrypted, the data is only readable when you log in to the device and decrypt it with a password. That means that if you lose your device or it is stolen, a cybercriminal will not be able to access any of your sensitive information, that is, as long as you have a good password for the device encryption (link to password security page). Device encryption will also keep you protected in the event that an attacker breaks in to your network from the internet and gains access to your device. He or she may have access to the device but they won’t be able to read anything when all the data is encrypted. So encryption really can be a very valuable security tool.
To lean more, check out our page on Encryption and look for the “Data Storage” section.
Step 12: Use a Virtual Private Network (VPN)
A Virtual Private Network (VPN) is a great tool that can improve both security and privacy. Essentially a VPN will encrypt all of the internet traffic going to and from your device and send it to a trusted server on the internet. That server acts like a middleman, forwarding your traffic on to whatever website or other final destination you had intended. The forwarded traffic is actually disguised to look like it originated from the VPN server itself so the website you’re connecting to will think it’s talking to the VPN server and will not be able to tell who or where you are. Unless, of course, you send it that kind of information.
The main advantage of using a VPN is that your data is encrypted while it travels through the portion of the internet where it is most likely to be subject to eavesdroppers; the span between you and the VPN server. This encryption will make it impossible for anyone to see your internet traffic which means that your sensitive data is protected in transit. Your internet service provider won’t be able to spy on your traffic and neither will cybercriminals. VPNs can be set up on individual machines or at a network level.
Step 13: Stay up to date with the latest patches
One of the most important things you can do for you online security is to make sure that you keep up to date with the latest patches for all of your devices and applications. You may think that patches just offer updated features, but they very often contain important fixes to vulnerabilities. Cybercriminals are all about finding and exploiting vulnerabilities and, most of the time, their game plan is just to exploit a particular vulnerability in as many systems as possible for as long as they can before it becomes impractical because too many people have patched the vulnerability. They then find a new vulnerability to exploit. The bad guys often find out about a given vulnerability around the same time that the good guys release a patch for it. So the more you can stay on top of applying the patches, the more you will stay ahead of the curve and limit your exposure to attack.
Almost everything can be patched from computers to mobile devices, routers, firewalls and applications. To learn more about how to stay up-to-date with patches.
Step 14: Backup your data
It is really important that you keep all of your data backed up in this day and age. One of the most popular attacks is a ransomware attack (link to ransomware page here). Essentially these attacks prevent you from accessing any of your data on the machine infected by the ransomware. But if you’ve kept your data backed up, it doesn’t matter if you get infected with ransomware… because you can just reformat your machine and then restore all of your lost data from your backups.
There are certainly other reasons you should keep you data backed up. In case your hard drive starts smoking, for example, or for the case where you lose your mobile phone at a hacker convention in Las Vegas. Not that any of you would do that. In any case, we highly recommend checking out our page on backups.
Step 15: Monitor your Network
Monitoring your network can get really complicated really fast, so we’re not going to dive too deep here. But a little bit of simple monitoring can help ensure security on you home network.
Specifically we recommend logging in to your router every week or two and just checking to see what devices have connected to your network. You should be able to recognize or identify all of the “clients” that have connected to your network. If there are devices on the list that you cannot identify, they may be malicious and you should consider banning them from the network. Most routers make it easy to block a particular computer with the touch of a button. If you have to do that, you should probably also consider changing your Wi-Fi password and potentially other security settings in order to prevent other hoodlums from joining your network in the future. See this page on securing you Wi-Fi for details on how to do that (link to Wi-Fi security page here).
Before you can do any blocking though, you will have to figure out which devices are actually yours so you’ll know if any need to be blocked. Every device that is connected to the internet has what is called a MAC address. MAC addresses are unique to each device and they do not change. They look like 6 sets of 2 characters separated by colons like this, “4a:6f:d2:00:a1:e5.” When you log in to your router you will see that each client that has connected to the network is identified by a MAC address. You will also see an IP address and a description of the device which is automatically generated based on the MAC address. The tough part is that, a lot of times, the description can be confusing and the IP address can change from time to time. So the MAC address is the best way to identify a device. Start by making a list of all the MAC addresses that are listed as connected devices in your router. Then walk around your house and log in to each of your devices. Somewhere in the settings of each device you will find its MAC address listed. When you find it, you can check that MAC address off of your list. If you finish that exercise for all of your devices and there are still some devices on the list, you should probably log back into your router and block those suckers! If you block a device and then realize you shouldn’t have you can always unblock it later. Also, remember that you don’t have to repeat this exercise every time you check in on your router’s list of connections. If you do it once, you can keep the list and then just compare it to the list in the router in the future. If there is a new connection to your network and you didn’t get any new devices then… you know what to do! Block it!!
Monitoring your network will not only allow you to identify rogue devices. It will also give you a better picture of the devices you intend to have connected to your network (which is part of knowing your network topology). Seeing all of the connected devices in one place will make it clear what devices you need to secure and can also serve as a reminded that these devices can all talk to one another. For example, when you see your work computer on the same list as your smart TV you may start to see that some network segmentation could improve your security. But even if insights like that don’t jump out at you, having the big picture view of your network and all its devices will be a very big head start in your quest for better home security. Knowledge is power!!
Step 16: Dispose of old devices properly
What do you do when you are ready to sell or throw away your old laptop or mobile device? Does it matter? Well, yes! It does! Your old device still has a lot of information about you on it. There are probably old pictures, files and e-mails on there that contain valuable information that could help a cybercriminal steal your identity. Fortunately there are ways that you can securely “wipe” all the data from your devices before you sell them, give them away or recycle them. For more details on the topic check out our “How to Dispose of a Device” page.