With your router in charge of all incoming and outgoing Internet traffic and controlling the Wi-Fi network for your devices, it makes sense to make it as secure as possible.
Your router is the device that connects your computer and other devices to a network and, via a service provider, to the Internet. A router chooses the best route for the data packets to travel and it can also decide which computers get priority over others. Routers can be wired (i.e. using network cables to connect) and/or support wide-area networks (WANs), or wireless (connecting wirelessly to devices that support the same wireless standards).
Routers help businesses in many ways, such as giving employees access to business applications that improve productivity, building a fast and reliable small business network that can respond quickly to customer needs, reducing operating costs by using the router to share equipment (e.g. a printer), helping maintain data security through features such as firewalls or web filtering, and providing secure remote access for mobile workers.
With routers being such important communications nodes, they are of value to cybercriminals seeking access to personal data and networks. The risks, therefore, relate to security, privacy, finances, business continuity, and even to the existence of the business itself if a breach or damage is serious enough.
One big problem with addressing risks to routers is that users have little real knowledge about their routers anyway and pay little attention to them apart from when their connection goes down. It is often the case, therefore, that users tend not to know that their router has been compromised as there are no clear outward signals.
Research by the American Consumer Institute in 2018 revealed that 83 per cent of home and office routers have vulnerabilities that could be exploited by attackers. Older routers can often be more at risk and some of the main vulnerabilities of routers, particularly older ones, include:
- Routers are often forgotten about since their initial setup and consequently, 60 per cent of users have never updated their router’s firmware.
- Routers are essentially small microcomputers. This means that infections which affect computers may also infect routers.
- Many home users do not change the default passwords for the Wi-fi network, the admin account associated with it, and the router.
- Even when vulnerabilities are exposed, it can take ISPs months to be able to update the firmware for their customers’ routers.
- Today’s routers are designed to be easy and fast to work straight out of the box, and the setup does not force customers to set their own passwords – security is sacrificed for convenience.
- There are online databases where cyber-criminals can instantly access a list of known vulnerabilities by entering the name of a router manufacturer. This means that many cyber-criminals know or can easily find out what the specific holes are in legacy firmware.
There are a number of measures that can be taken to ensure that a router is as secure as possible. These measures include:
If you have an old router with old firmware, you could have a weak link in your cyber-security. If that old router links to IoT devices, these could also be at risk because of the router. Taking a close look at your router, its settings and getting to grips with firmware updates, the firewall, and what information about your router may be visible to would-be attackers could be important steps in improving router security.
Also, router manufacturers could take more responsibility for reducing the risk to business and home router users by taking steps such as disabling the internet until a user goes through a set up on the device which could include changing the password to a unique one.
Vendors and ISPs could also contribute to improved router security for all by having an active upgrade policy for out of date, vulnerable firmware, and by making sure that patches and upgrades are sent out quickly.
ISPs could do more to educate and to provide guidance on firmware updates e.g. with email bulletins. Some tech commentators have also suggested using a tiered system where advanced users who want more control of their set-up can have the option, but everyone else gets updates rolled out automatically.
If you would like to discuss your technology requirements please:
Back to Tech News