BACKGROUND:
Consumer watchdog ‘Which?’ recently examined 13 Wi-Fi router models, provided by major names such as Sky, EE and Virgin Media, and found that almost two-thirds had significant cybersecurity flaws, putting millions at risk. These flaws come in the form of weak default passwords, network vulnerabilities which could concede full control to hackers, and lack of firmware updates from as far back as 2018.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>These findings are very worrying now that remote working has become the new norm. This shift has creating newfound challenges and vulnerabilities for organisations, of which cybercriminals are aware and continuously trying to exploit. The security of employee home networks and devices is therefore paramount, to ensure that company data is also protected.</p> <p> </p> <p>Employees should make sure to check that they are using an up to date version of their internet provider’s router. Similarly having an encrypted network, regularly installing updates and creating a strong password, as opposed to the default password provided are crucial to ensuring security within the home. Bad password hygiene is a concern amongst many organisations with our latest research showing 78% of UK respondents believe that their employees’ poor password hygiene is putting their company at risk.</p> <p> </p> <p>The research also found that 51% of UK organisations expect security naïve employees to be their biggest email security challenge in 2021. Employers can also play their part in overcoming this problem by providing regular cybersecurity training which should include a component on how employees who work remotely can bolster their home security defences.</p>
<p>With the number of smart and connected devices in the home today, a breach into a home network could allow hackers to mine for personal data, extort money, and even physically break into your home by shutting down alarm systems and opening doors by wireless access. On top of this, a compromised router could be used by criminals as part of a DDoS (distributed Denial of Service) attack against an online resource or simply to mask the origins of their illegal activity.</p> <p> </p> <p>Some manufacturers of routers already ship devices with a unique key – which is something that all manufacturers, regardless of where they are based, should be doing as an elementary security measure. However, until all vendors do this, consumers must get into the habit of changing default passwords immediately, to ensure their router is not open to attack by anyone who knows the default password used by the manufacturer. Consumers should also check that devices can be updated, to reduce vulnerabilities that criminals can exploit, and ensure that encryption is enabled on routers. It’s also important that they enable encryption on the device – ideally WPA2 encryption.</p>