Make sure your home router isn’t putting your work security at risk

written by Michael Anderson posted on July 8, 2020

Working from home doesn’t mean you’re home free. Look no further than the deceptively unassuming home router.

Now that many of us have set up home offices, we’re using a home router not only for personal use, but also to conduct business. This can be dangerous, as the network security in your home office is most likely not as secure as working from your company’s office, leaving you vulnerable to security breaches and cyberattacks.

Your router is very important in terms of your online security. It checks incoming and outgoing traffic and is the gatekeeper to sensitive information. There are many devices that connect to your router, including computers, phones, TVs, and appliances. If hackers gain access to one device, they’ll potentially have access to all of the devices that connect to it, including ones that you may use for work.

How vulnerable is your home router?

To demonstrate the vulnerabilities of home routers, Germany’s Fraunhofer Institute for Communication (FKIE) recently conducted a study involving 127 home routers from seven large brands in Europe. The study’s purpose was to check the router’s most recent firmware versions for five security-related aspects:

1. When were the devices last updated?
2. Which operating system versions are running, and how many known critical vulnerabilities are there?
3. Which exploit-mitigation techniques do the vendors use and how often do they activate them?
4. Do the firmware images contain private cryptographic key material?
5. Are there any hard-coded login credentials?

Of these routers, 116 of 127 operating systems were powered by Linux, one by ThreadX and one by eCos.

The results are shocking – they found no router without flaws.

Among the findings:

• There were 46 routers that did not have a security update within the past year.
• Of the routers that were recently updated, many still had hundreds of known vulnerabilities.
• Some routers have factory-installed, unchangeable passwords that are well known and, therefore, easily cracked.
• Most firmware images provide private cryptographic key material, which means they are not secure.

Although the above survey is European, the results are similar in America, according to ZDNet’s article about a 2018 US study by American Consumer Institute (ACI). ACI analyzed 186 small office and home office Wi-Fi routers from 14 vendors and found 155 – or 83 per cent – were potentially vulnerable to cyberattacks.

What can you do to keep your home router secure?

To start, you’ll need access to your router’s settings, which you can usually access through your web browser or an app. Once you’ve done that, you’ll want to follow this process, as summarized from WIRED’s article, “How to Secure Your Wi-Fi Router and Protect Your Home Network to keep your router safe:”

1. Change your passwords regularly and use Wi-Fi Protected Access 2 (WPA2) security to require every new device to submit a password to connect.
2. Keep your firmware updated.
3. Disable remote access, UPnP, and WPS – most people don’t require remote access from outside their home.
4. Use a guest network, if it’s available – this allows you to grant Wi-Fi access to friends and visitors without letting them access the rest of your network.
5. Practice good security principles, including keeping your devices’ software updated, using a password manager, and disabling devices that don’t require Wi-Fi access.

How can we help your organization stay secure?

We can help you create a secure network, develop remote work policies and enforce them with technical and administrative controls, help train your staff on best practices, and integrate trusted and secure Cloud services to give you peace of mind – at work and the home office alike.

Get in touch with us today.