Exactly 

The thing is that you almost certainly don't!  The majority of home routers, including those from BT, in use today use the WPA2 standard.  If you've any slightly older devices, the chances are that WPA2 is as secure as they are going to get.  If I were to enforce WPA3 here, I'd lose most of my IoT including my heating controls.

Lets say a neighbour managed to gain access to your network, they're still unlikely to be able to access anything important, unless you've servers running password free on the network.

*My network here is more complex than most, but I'm still using WPA2/WPA3 on my 3rd party router.  I can access my network and servers remotely if needed, but it's not quick, simple, or automatic.  That your router keeps out anyone trying to attack from the internet is far more important right now.

**I'm looking to toughen my IoT security, which is no easy task, is probably going to be expensive, and not for the feint hearted.

Where this "weak security" warning may be relevant is if you are connecting to public hotspots like down the pub. 

Within your own home it's highly unlikely to be a problem.  My main access point is on the upstairs landing, so it gives good coverage to the whole house.  Last time I did a proper survey round here, I needed to be right up to my back garden fence or no further than immediately across the road at the front to get a connection from outside my property. As I said before, how dangerous are your neighbours or are MI5 sitting in a van across the road all day?

My TP-Link GX90 has built in security. I’m set up on WPA3 but of course it’s all backward compatible with WPA2 devices. The only iot device I seem to have issues with, is my energy provider smart meter display which to be honest is garbage anyway.

Im never going to use Norton security again after the hassle it gave me on my then new laptop, such an invasive program from my personal experience. Never had any issues with Windows Defender or Bitdefender.

Very useful info, many thanks.

Hi, neighbours ok, no probs there and I use a VPN so we will have a think about the best way to go.

Many thanks.

Well, there again.  Wi-Fi traffic is encrypted and browser traffic is encrypted with HTTPS anyway today, so what's the point in using a VPN all the time?  All you are doing is encrypting the encryption and creating excess processing that will slow the connection down.  The only time I use a VPN is if I want to hide which country I'm in.

Folks confuse privacy with security.

Although why folks are happy for a third party VPN provider to have access to their data rather than their ISP is beyond me.

As you say, the only reason to use a VPN (other than a true VPN into a corporate intranet) is to change geographical location.

But then why would you trust your ISP with your data over a reputable VPN provider? I trust neither with my data but I still use both, though I only use my VPN provider (which I subscribe to) in certain circumstances.