Broadband Genie, the independent UK comparison service for telecoms and broadband, have published a new survey revealing some pretty shocking statistics when it comes to internet safety.
3,045 internet users were surveyed between the 1st January and 26th April this year, revealing that:
- 89% of respondents have never updated the firmware of their home router
- 86% have never changed the device’s administrator password
- 72% have never changed their Wi-Fi password
- 75% have never checked to see what or who is linked to their router
- 52% have never changed or updated their routers settings
Are you guilty of any of these? No shaming from us, but let’s take a little look at why ignoring these things when it comes to your router and security isn’t a great idea.
Why should I change my router from the default password?
If you leave your router set to the default password, it could allow hackers to identify which make and model of router you are using and work out the password.
Thankfully, many ISP’s supply long, randomised passwords with no real structure, making it harder to identify.
Do I need to update firmware on my router?
Many routers that come as part of a bundle directly from your ISP are thankfully set up to auto-update their firmware – Meaning you, the customer, don’t have to actually do any specific actions in order to keep your device up-to-date.
However, it’s probably a good idea to check with your broadband provider to confirm this is the case.
And don’t forget, many security and firmware updates are done at night – So don’t switch your router off overnight.
If you have purchased your router separately from an ISP bundle, then you may be required to carry out this action yourself to check for recent firmware updates. Remember that not all firmware updates are particularly accessible or easy to find, so you may need to seek support from the manufacturer.
It’s vital not to leave security vulnerabilities unpatched – And even some relatively modern pieces of kit could be susceptible to security risks.
What’s the reason behind people not changing their router password?
The survey respondents who had answered that they had never changed their router’s factory settings were then asked why they had not. The answer that 75% of those surveyed gave was that they didn’t know they needed to change it.
Your router is the single most important security device in your home network
It’s often the case that the router is the most important device in your home network when it comes to internet security.
Changing your router’s password from the default to a strong alternative protects your network, particularly if the password from your ISP is not properly randomised or ineffective.
It’s a good rule of thumb to assume that your router does not come secure out of the box. And if consumers are unaware of the risks, then clearly more awareness needs to be raised surrounding these security risks.
That’s where the Product Security and Telecommunications Infrastructure Act comes in.
The Product Security and Telecommunications Infrastructure Act
On the 29th April 2024, the Government brought in the Product Security and Telecommunications Infrastructure Act. This includes their new Secure by Design policy, which means that device makers (retailers and manufacturers) that fail to comply can be hit with financial penalties.
Changes include:
- The banning of easily guessable default passwords (like ‘admin’ or ‘12345’) so that vulnerabilities and hacking are prevented
- The prompting of users to change the default password
- Improved support for security issues by supplying contact details of manufacturers so that bugs and issues can be dealt with
- The requirement to state how long related network products will be supported by security patches (firmware updates)
These changes don’t just apply to routers – They also cover smartphones, televisions, games consoles, internet-connected fridges and other smart home devices such as doorbells etc.
