With your router in charge of all incoming and outgoing Internet traffic and controlling the Wi-Fi network for your devices, it makes sense to make it as secure as possible.
Your router is the device that connects your computer and other devices to a network and, via a service provider, to the Internet. A router chooses the best route for the data packets to travel and it can also decide which computers get priority over others. Routers can be wired (i.e. using network cables to connect) and/or support wide-area networks (WANs), or wireless (connecting wirelessly to devices that support the same wireless standards).
Routers help businesses in many ways, such as giving employees access to business applications that improve productivity, building a fast and reliable small business network that can respond quickly to customer needs, reducing operating costs by using the router to share equipment (e.g. a printer), helping maintain data security through features such as firewalls or web filtering, and providing secure remote access for mobile workers.
With routers being such important communications nodes, they are of value to cybercriminals seeking access to personal data and networks. The risks, therefore, relate to security, privacy, finances, business continuity, and even to the existence of the business itself if a breach or damage is serious enough.
One big problem with addressing risks to routers is that users have little real knowledge about their routers anyway and pay little attention to them apart from when their connection goes down. It is often the case, therefore, that users tend not to know that their router has been compromised as there are no clear outward signals.
Research by the American Consumer Institute in 2018 revealed that 83 per cent of home and office routers have vulnerabilities that could be exploited by attackers. Older routers can often be more at risk and some of the main vulnerabilities of routers, particularly older ones, include:
• Routers are often forgotten about since their initial setup and consequently, 60 per cent of users have never updated their router’s firmware.
• Routers are essentially small microcomputers. This means that infections which affect computers may also infect routers.
• Many home users do not change the default passwords for the Wi-fi network, the admin account associated with it, and the router.
• Even when vulnerabilities are exposed, it can take ISPs months to be able to update the firmware for their customers’ routers.
• Today’s routers are designed to be easy and fast to work straight out of the box, and the setup does not force customers to set their own passwords – security is sacrificed for convenience.
• There are online databases where cyber-criminals can instantly access a list of known vulnerabilities by entering the name of a router manufacturer. This means that many cyber-criminals know or can easily find out what the specific holes are in legacy firmware.
There are a number of measures that can be taken to ensure that a router is as secure as possible. These measures include:
- Changing the username and password(s). Changing the username and password of the router from the default ones (printed on a label on the device) to something much more secure makes it much less vulnerable to common attacks. Using WPA2 security requires each new device to submit a password to connect anyway, but if it is not active it can be switched on through your router settings. Changing the network password (via the router settings) can also improve security.
- Keeping the router’s firmware up to date. The router control panel should enable the updating of the firmware, thereby ensuring that the router has the latest fixes and patches installed. In some cases, users may have to download new firmware from the manufacturer's site to make the router as secure as possible.
- Changing the network name/SSID. Changing this from the default name will give would-be attackers less of an idea of the type/name of the router manufacturer, thereby making it more difficult for them.
- Stopping the Wi-Fi network name/SSID from being broadcast. This can be achieved via the router settings, but it will mean that the user will need to manually type in the network name when connecting new devices (because it will not be visible).
- Disabling Remote Access, UPnP, and WPS. Using the router settings to turn off features like remote access, Universal Plug and Play (usually for easy games console and smart TV access) and Wi-Fi Protected Setup (WPS – for easy connection of new devices) may sacrifice some convenience but will also make the router more secure.
- Using a guest network. This enables you to give access to a Wi-Fi connection without giving access to the rest of the network.
- Enabling the router’s firewall. This will filter data and block unauthorised access.
- Plugging other ways in through your devices and programs. This involves keeping security on devices and their programs/apps up to date and patched e.g. use strong passwords, use security software, and disable any devices that do not need access to Wi-Fi.
If you have an old router with old firmware, you could have a weak link in your cyber-security. If that old router links to IoT devices, these could also be at risk because of the router. Taking a close look at your router, its settings and getting to grips with firmware updates, the firewall, and what information about your router may be visible to would-be attackers could be important steps in improving router security.
Also, router manufacturers could take more responsibility for reducing the risk to business and home router users by taking steps such as disabling the internet until a user goes through a set up on the device which could include changing the password to a unique one.
Vendors and ISPs could also contribute to improved router security for all by having an active upgrade policy for out of date, vulnerable firmware, and by making sure that patches and upgrades are sent out quickly.
ISPs could do more to educate and to provide guidance on firmware updates e.g. with email bulletins. Some tech commentators have also suggested using a tiered system where advanced users who want more control of their set-up can have the option, but everyone else gets updates rolled out automatically.