Ask most people when they last looked at their router and they’ll probably say it was when they needed to get the Wi-Fi password from the sticker at the bottom. Other than that, it tends to just sit there, forgotten and unloved, in the corner.
And the same is true for many businesses. Your router is something you install at the beginning and then forget about.
But a vulnerable router can be a gateway for cybercriminals. They exploit its weaknesses to steal personal data, carry out Distributed Denial of Service (DDoS) attacks, or attempt credential stuffing, where hackers obtain your password for one site and then try it on lots of others to gain illegal access to those, too (and how many of us still use the same password for multiple sites, despite all the advice not to?!).
And, now that we’re all in the GDPR era, it’s more important than ever to make sure your router is doing what it’s supposed to do – your level of responsibility has increased, and the National Cyber Security Centre has issued warnings regarding ‘flawed security of internet infrastructure devices such as switches, firewalls, and especially routers.’
In terms of GDPR, a big risk of having a router that’s vulnerable to attack is of course a data breach. A data breach that could impact personal data must be reported to the Information Commissioner’s Office (ICO) within 72 hours. Failure to report a breach could result in a fine of up to 10 million euros, or 2% of global turnover. Ouch.
What can I do to protect my router?
- Make sure your router’s firmware is kept regularly updated, so that the latest security vulnerabilities are corrected. (We recognise that this might be a bit too technical for the average user – so ask an expert to do this for you).
- Ensure your router/firewall has custom firewall rules, appropriate for your business. Don’t just use the ‘default’ rules.
- It’s not enough to have just ‘in-bound rules’ anymore. A correctly configured firewall can do more than just keep people out. Implement ‘out-bound rules’ too, to prevent data from leaving your network. A good example would be to block out-bound SMTP traffic through your firewall – thus restricting all email traffic to your Office365 environment (some malware will ‘email’ data back to the criminals using the SMTP port).
- Consider a firewall with subscription-based updates. You already do this with your Anti-Virus, right? You pay monthly/annually for the updates, and you’re protected against the latest threats, every day. But, do you do this with your firewall? After all, this is your main ‘perimeter security device’.
- Change the password! Many routers are set up using the default username and password – and it won’t take long to hack if both are ‘admin’! A 2018 survey of 2,205 home-internet users reported that 82% of respondents have never changed the default admin password for their broadband router and 86% have never updated its firmware.
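The out-bound SMTP rule described above only helps if it is actually in force, and the attempts it blocks show which machine needs a closer look. The following is an added example (not from the original article or from projectfive): a Python check over firewall log lines that counts blocked out-bound SMTP attempts per internal host and lists any that were let through. The key=value log format, the sample lines and the reading of ‘the SMTP port’ as TCP 25 are assumptions made for this illustration.

```python
import re
from collections import Counter

SMTP_PORT = 25  # assumption: "the SMTP port" in the text is TCP 25
FIELD = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"action", "dir", "src", "dst", "dport"}

# Constructed sample lines in a made-up key=value format (not a real vendor's log format).
SAMPLE_LOG = """\
2024-05-01T09:00:01 action=allow dir=out src=192.168.1.20 dst=203.0.113.10 dport=443
2024-05-01T09:00:05 action=drop dir=out src=192.168.1.37 dst=198.51.100.25 dport=25
2024-05-01T09:00:06 action=drop dir=out src=192.168.1.37 dst=198.51.100.25 dport=25
2024-05-01T09:01:12 action=allow dir=in src=203.0.113.99 dst=192.168.1.5 dport=25
2024-05-01T09:02:40 action=allow dir=out src=192.168.1.50 dst=198.51.100.77 dport=25
2024-05-01T09:03:00 corrupted line without fields
2024-05-01T09:03:09 action=drop dir=out src=192.168.1.20 dst=203.0.113.10 dport=n/a
"""


def parse_line(line):
    """Return the key=value fields of one log line, or None if it is unusable."""
    fields = dict(FIELD.findall(line))
    if not REQUIRED <= fields.keys() or not fields["dport"].isdecimal():
        return None
    fields["dport"] = int(fields["dport"])
    return fields


def smtp_egress_report(log_text):
    """Summarise out-bound SMTP: hosts that were blocked, and flows that got out."""
    blocked = Counter()  # internal host -> number of blocked attempts
    leaked = []          # (src, dst) pairs the firewall allowed out on port 25
    skipped = 0          # lines that could not be parsed
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["dir"] != "out" or rec["dport"] != SMTP_PORT:
            continue  # in-bound mail and non-SMTP traffic are out of scope here
        if rec["action"] == "allow":
            leaked.append((rec["src"], rec["dst"]))
        else:
            blocked[rec["src"]] += 1
    return {"blocked": dict(blocked), "leaked": leaked, "skipped": skipped}


if __name__ == "__main__":
    print(smtp_egress_report(SAMPLE_LOG))
```

Any entry under `leaked` means the out-bound rule is missing or is being bypassed; any host under `blocked` is worth checking for malware.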
If you’re a projectfive customer and have any concerns about the security of your router and firewall, give our team a call on 01276 455466 and we’ll be happy to help.