Your in-home router/modem may be the most insecure piece of hardware you own. Luckily, there is an easy fix although it isn’t cheap for many people: replace your present router’s internal software with a security-focused product, such as the free and open code, DD-WRT. The expense arises from the fact that most routers cannot easily replace the internal software. If you are one of the majority who owns a non-modifiable router, you will have to purchase a new router (which is a good idea anyway) and then install DD-WRT or a similar product yourself. If you are one of the fortunate few who do own a router that allows for modifying the internal software, you can upgrade to DD-WRT at no charge. Another alternative is that a few companies will sell new routers with DD-WRT or similar software already installed.
You can read much more about this topic in You Absolutely Must Secure Your Home Router and You Probably Can’t in the BoingBoing.net web site at: http://bit.ly/2Cpdspj. That article provides an overview in plain English of a somewhat more technical article, How to Protect Your Home Router from Attacks, by Lucian Constantin, available at: http://bit.ly/2CBh36N.
For the past 3 or 4 months, I have been using DD-WRT installed in a Linksys WRT3200ACM DD-WRT FlashRouter. It includes all the security enhancements of DD-WRT plus it also has a VPN installed. Not only are all connections from my desktop computer, laptop computer, tablet, and even my cell phone protected by the VPN, but even my Roku box, Apple TV, VoIP telephone, security video cameras, and even the Nest thermostat in my home are now connected to the Internet via a safe and secure VPN connection.