1. Change the default Wi-Fi network name of your router!
The default Wi-Fi name (SSID) of your brand new router starts usually with your ISP name or the brand of the device, like Vodafone_xxxxxx or NetGear-xxxx. Don't let malicious people to know what they are dealing with! The best what you can do is to change the SSID name and also hide it, so the only way to connect to your network is to input manually the exact credentials.
2. Always use network encryption and a secure passphrase for Wi-Fi!
It's vital to use network encryption for your wireless home network! Without using it everyone could catch all of the information travelling in the air without effort. WEP is also a really outdated encryption, use at least WPA2. Needless to say that you also need a long secure passphrase with special characters.
So now, you have a hidden Wi-Fi network with the necessary encryption and secure passphrase. And if you buy a new device, you can easily connect to your secured Wi-Fi with inputting the necessary credentials manually. Great! The next step is to hold this ecosystem as closed as you can!
3. Use GUEST Wi-Fi it it's available!
Don't share these information to your guests, even if they are your relatives, use a guest Wi-Fi network instead. The reason is not that you don't trust your friend, but obviously you can't control them how to use their devices. Were they using open hotspots in a coffeeshop? There is a chance they already have malicious software in their computer, or mobile device. The solution is to use a GUEST Wi-Fi for them!
A GUEST Wi-Fi is a secondary Wi-Fi usually using a different IP range and connected directly to the internet channel. This means, your guests can access to the internet but the devices are totally isolated from your home network.
4. Disable every special features you aren't using
Does you router have an inbuilt Remote Access for remote administration? If you have some experience playing with iptables and other firewall, it's ok, because you know exactly how to prevent nmapping your ports. But if you are a normal user, you don't need this function.
With switching off the unnecessary built-in features, you can reduce the security vulnerability.
5. Always keep your router’s software up-to-date
Put your hand on anyone who, in addition to the occasional reboot, used to look at the router's status, check the current log, or see a list of devices that have tried unsuccessfully to connect to the network.
Like any other IT device, the router requires some care as well. Of course, this can be done on a very high level, but as the first step, you should check your router firmware updates regularly, and if a new one is published, install it as soon as you can. This is a small but essential step because the manufacturer's security patches reduce the vulnerability of your device.
6. Use Antivirus software on you computers or devices
We just need to remind everyone of this than to explain it. It is worth choosing an integrated system that not only detects malicious softwares but also have firewall function.
Of course, Microsoft do a great job with Defender, but you should consider buying a specific one.