How much thought do you give to your router?
If you’re like most other internet users, you won’t give it any thought at all. You probably just plugged it in when it arrived years ago, and haven’t given it a thought since, except to fumble around underneath it looking for a WIFI password. It sits in the corner gathering dust, occasionally blinking at you, and you leave it alone because…well if it’s not broken, why would you fix it?
An therein lies the problem – if you haven’t fixed it recently, it may well be “broken” and storing up a host of problems. An old router may have been left without updates for many years and will be full of security problems which can easily be compromised by hackers and malware.
Many home and office routers, including well-known and reputable brands, have vulnerabilities which are at risk of being exploited by cyber-attackers. The biggest risk to home users is the theft of their personal data. Previous attacks have targeted bank customers, hijacked routers, and redirected customers to a cloned bank website to steal log-in details. Would-be criminals are even able to access online databases to research specific router manufacturers and the specific vulnerabilities of their products.
As we become more reliant on internet enabled devices to make our lives easier (e.g. lights, smart doorbells, voice assistants), the risk to our online security increases. Whilst you may have robust security and protection built into your home security system, if your router is old and not updated, your whole system becomes vulnerable. A major part of the problem is that most home internet users are not tech savvy. Many still use the default password for not only the WIFI but for the admin account associated with it. This situation is not helped by the fact that routers are now ridiculously easy to set up – you quite literally plug it in and go, straight out of the box. But this convenience comes at a cost, leaving users with default passwords and security passwords leaves them vulnerable to attack. Routers would be safer if manufacturers and providers required new users to set up their own passwords and security settings prior to activating their connection and service. The lack of technical knowledge of the most users contributes to the lack of updates performed leaving older routers exposed and vulnerable to attack. Given that most users are not motivated to increase their technical knowledge, and are blissfully unaware of the potential problems they are storing up, some of the burdens must fall on ISPs and vendors. As most of them don’t have an effective upgrade policy, they need to take pre-emptive steps to ensure customers data is kept safe. An active upgrade policy could involve ISPs sending regular emails and updates to keep users informed, but that could lead them open to phishing scams. Perhaps the most effective and unobtrusive solution would be for updates and upgrades to be remotely rolled out and administered automatically to users so that their involvement is not needed.
So look at the router in the corner, blinking and gathering dust. Spend some time to see if it is protecting you as it should be.