The National Security Agency recommends restarting home routers, smartphones and computers at least once a week as a simple way to reduce the risk posed by certain forms of malicious software.
The advice appears in the NSA’s official home-network security guidance. It explains that some malicious implants operate only in a device’s temporary memory and may disappear when that device is completely rebooted. The recommendation applies to personally owned devices and is presented as one part of a broader cybersecurity routine, not as a complete defense against hackers.
What the NSA Actually Recommends
The NSA advises users to schedule weekly reboots of their routing devices, smartphones and computers. That means powering the device down properly and starting it again rather than simply locking the screen, closing applications or switching Wi-Fi off temporarily.
The guidance was published in February 2023, but it has received renewed attention as U.S. agencies warn that attackers continue to exploit vulnerable home and small-office routers. In April 2026, the NSA joined the FBI and other agencies in highlighting a Russian military intelligence campaign that compromised routers to steal sensitive information.
The recommendation is broad public cybersecurity guidance rather than an emergency order directed at every American. Still, it is relevant to almost anyone who owns a smartphone, computer or home router.
Why Rebooting Can Help
Routers and phones remain powered on for long periods, allowing active processes and temporary connections to continue running in memory.
Some malware is non-persistent, meaning it does not survive a full restart. Rebooting may interrupt the malicious process, disconnect an attacker’s temporary session or remove code that exists only in volatile memory.
This is why restarting a device can sometimes provide a quick security benefit. It may also allow pending operating-system or firmware updates to finish installing.
However, not every infection disappears after a restart. Persistent malware can return when the device starts again, while an unpatched vulnerability may allow an attacker to reinfect it. A weekly reboot should therefore be treated as an additional layer of protection rather than a cure for a compromised device.
How to Reboot a Home Router Properly
A router can usually be restarted through its administration application or control panel. The simpler method is to disconnect its power, wait briefly and reconnect it.
Users should avoid pressing the recessed factory-reset button unless they intentionally want to erase the router’s settings. A factory reset is different from an ordinary reboot and may remove the Wi-Fi name, password and other configuration details.
After the router restarts, users should confirm that their devices reconnect normally. They should also check whether the router has automatic firmware updates available.
The NSA recommends keeping routing devices on the latest patches and replacing routers that have reached the end of manufacturer support. Unsupported equipment may contain known vulnerabilities that will never receive a security fix.
How to Restart a Smartphone
On an iPhone or Android device, a normal restart is usually enough. The phone should be powered off fully and then turned back on.
Putting the phone into airplane mode is not the same as rebooting because its operating system and active processes continue running. Locking the screen also does not restart the device.
Users do not need to erase their phones or perform a factory reset every week. A standard restart is the recommended action unless the manufacturer, employer or security professional provides different instructions.
The NSA separately offers mobile-device guidance covering software updates, strong authentication, application security and other protective measures. Its official telework and mobile security page links to both the smartphone and home-network recommendations.
Rebooting Does Not Replace Security Updates
A restart may interrupt temporary malware, but it cannot repair an unpatched security flaw by itself.
Router owners should enable automatic firmware updates when the feature is available. They should also replace default administrator credentials, use a strong and unique password and disable remote administration from the internet unless it is genuinely required.
The NSA’s recent router warning specifically encouraged users to update firmware, change default usernames and passwords, disable internet-facing remote management and replace unsupported devices.
Smartphone owners should install iOS or Android security updates promptly. Apps should also be downloaded from trusted stores and kept current.
Older Routers Can Create a Bigger Risk
Many households use the same router for years without checking whether its manufacturer still provides updates.
An end-of-life router may continue delivering internet access normally while remaining exposed to publicly known vulnerabilities. Attackers can exploit weak routers to monitor traffic, redirect users to fraudulent websites, steal credentials or use the device as part of a larger malicious network.
Rebooting an unsupported router may temporarily disrupt some malicious activity, but it does not make the underlying hardware secure. Replacement is generally the safer option when the manufacturer has stopped publishing security patches.
Owners can check the support section of the router manufacturer’s official website to determine whether their exact model still receives firmware updates.
A Weekly Restart Is Only One Part of the Routine
The NSA also recommends using WPA3 or WPA2 security, protecting the Wi-Fi network with a strong passphrase and separating less-secure smart devices from computers and phones that contain sensitive information.
Remote router administration and Universal Plug and Play should be disabled when they are not required. These features can increase the number of ways an attacker may try to enter a home network.
Users should also take browser certificate warnings seriously. In its April 2026 advisory, the NSA said compromised routers had been used in operations involving credential theft and DNS hijacking, which can redirect internet traffic toward malicious destinations.
What Users Should Do Now
Restarting a router and phone once a week is a simple and low-cost habit that may disrupt certain temporary threats. It is reasonable to choose a consistent time when losing internet access for a few minutes will not cause problems.
The more important step is combining reboots with current software, secure passwords, automatic updates and supported hardware.
Users can review the full recommendations through the NSA’s Best Practices for Securing Your Home Network, its Telework and Mobile Security Guidance and the agency’s latest router threat announcement.