Your 2025 home cybersecurity to-do list

Using MITRE ATT&CK’s four priority areas, here’s a comprehensive breakdown of where your home defences are probably failing—and how to patch them like a duct-tape-wielding IT admin.

Priority #1: Initial access (Keeping hackers out)

Gap: “My router’s admin page is wide open.”

Attack Technique: Exploit Public-Facing Application (T1190)

Why It’s Bad: Hackers scan for routers with default credentials (admin:admin) and hijack them.

Fix:

  • Change the default login (use a strong password).

  • Disable remote admin access (unless you want strangers controlling your Wi-Fi).

Gap: “I click ‘urgent’ emails like it’s my job.”

Attack Technique: Phishing (T1566)

Why It’s Bad: One click = malware or stolen credentials.

Fix:

  • Install uBlock Origin (blocks malicious ads/redirects).

  • Train yourself (and family) to hover over links before clicking.

Gap: “My ‘smart’ devices use the same password.”

Attack Technique: Default Credentials (T1078.001)

Why It’s Bad: Hackers use botnets to brute-force IoT devices (like cameras).

Fix:

  • Change default passwords (yes, even on the smart toaster).

  • Put IoT devices on a separate Wi-Fi network (guest mode works).

Priority #2: Execution (Stopping malware in its tracks)

Gap: “My kid has admin rights ‘for games.’”

Attack Technique: Abuse Elevation Control (T1548)

Why It’s Bad: Malware runs wild with admin privileges.

Fix:

  • Create a standard user account for daily use.

  • Use Windows Sandbox or macOS Gatekeeper for sketchy downloads.

Gap: “I download ‘cracked’ software.”

Attack Technique: Malicious File (T1204.002)

Why It’s Bad: Pirated apps = malware freebies.

Fix:

  • Use VirusTotal to scan downloads.

  • Ask yourself: “Is saving $20 worth a ransomware attack?”

Gap: “I ignore browser updates.”

Attack Technique: Exploit Browser Engine (T1211)

Why It’s Bad: Unpatched browsers = drive-by download paradise.

Fix:

  • Enable auto-updates for Chrome/Firefox/Safari.

  • Ditch old plugins (Java, Flash, etc.).

Priority #3: Persistence (Kicking hackers out for good)

Gap: “I never check running processes.”

Attack Technique: Process Injection (T1055)

Why It’s Bad: Malware hides in legit apps (like explorer.exe).

Fix:

  • Use Task Manager (Win) or Activity Monitor (Mac) to spot weird activity.

  • Install Malwarebytes for occasional scans.

Gap: “My backups are always connected.”

Attack Technique: Data Encrypted for Impact (T1486)

Why It’s Bad: Ransomware can encrypt backups too.

Fix:

  • Use the 3-2-1 rule: 3 backups, 2 formats, 1 offline.

  • Test restoring files (or discover too late they’re corrupted).

Gap: “I don’t monitor login attempts.”

Attack Technique: Valid Accounts (T1078)

Why It’s Bad: Hackers reuse stolen passwords.

Fix:

  • Enable login alerts for email/cloud accounts.

  • Use Bitwarden or KeePass for unique passwords.

Priority #4: Exfiltration (Stopping data theft)

Gap: “My cloud syncs everything automatically.”

Attack Technique: Automated Exfiltration (T1020)

Why It’s Bad: Hackers love stealing synced files.

Fix:

  • Encrypt sensitive files before uploading (use Cryptomator).

  • Review Google Drive/Dropbox sharing permissions.

Gap: “I don’t check email forwarding rules.”

Attack Technique: Email Collection (T1114)

Why It’s Bad: Hackers forward your emails to themselves.

Fix:

  • Check Gmail/Outlook rules for hidden filters.

  • Use YubiKey or TOTP for email MFA.
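One way to run the "hidden filters" check against a Gmail filter export (Settings → Filters → Export gives you a mailFilters.xml). This is an added example, not part of the original checklist; the function name audit_filters, the own_domains parameter and the sample addresses are made up for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}
# Actions that keep a message out of the owner's sight.
HIDING = ("shouldArchive", "shouldMarkAsRead", "shouldTrash")

# Constructed sample shaped like a Gmail filter export (mailFilters.xml).
SAMPLE_EXPORT = """<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Newsletters'/>
  </entry>
  <entry>
    <apps:property name='hasTheWord' value='invoice OR password'/>
    <apps:property name='forwardTo' value='collector@example.net'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>"""


def audit_filters(xml_text, own_domains=("example.com",)):
    """Return one finding per filter that forwards mail or hides it."""
    findings = []
    entries = ET.fromstring(xml_text).findall("atom:entry", NS)
    for number, entry in enumerate(entries, start=1):
        props = {p.get("name"): p.get("value")
                 for p in entry.findall("apps:property", NS)}
        forward_to = props.get("forwardTo")
        hides = [name for name in HIDING if props.get(name) == "true"]
        if not forward_to and not hides:
            continue  # labels, stars etc. are not interesting here
        external = bool(forward_to) and (
            forward_to.rsplit("@", 1)[-1].lower() not in own_domains)
        findings.append({
            "filter": number,
            "forward_to": forward_to,
            "external": external,
            "hides": hides,
            # Forwarding outside your own domains AND hiding the mail is
            # the combination this checklist item is worried about.
            "severity": "high" if external and hides else "review",
        })
    return findings
```

Anything marked "high" that you don't remember creating should be deleted, followed by a password change and a look at recent logins.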

Gap: “My smart TV has a microphone/camera.”

Attack Technique: Audio/Video Capture (T1123/T1125)

Why It’s Bad: Hackers can spy through compromised devices.

Fix:

  • Cover the camera (tape works).

  • Disable always-on voice assistants (sorry, Alexa).

Future-proofing for 2025

| Threat | Preemptive Fix |
|---|---|
| AI-Phishing | Use SimpleLogin for throwaway emails. |
| 5G IoT Attacks | Put smart devices on a VLAN. |
| Quantum Harvesting | Switch to Signal/ProtonMail for comms. |

Final checklist

  • MFA EVERYTHING (Email, router, cloud).

  • Segment your network (IoT ≠ banking devices).

  • Assume you’re already breached (monitor logs).

  • Teach your family (or suffer their mistakes).


Last update: 2025-06-07 06:04