Govinfosecurity.com reported that the number of attempts to break into home routers went from around 10 million a month at the beginning of 2019 to over 190 million a month at the beginning of 2020. Hackers are seeking to add as many routers as possible to one of the three botnets of their choice: Mirai, Kaiten and Qbot. They’re doing it by using brute force attempts to use combinations of usernames and passwords they’ve likely acquired from data breaches of companies. So why is this a problem for corporations? Once hacked, criminals can use home routers as a malicious waystation for launching cyberattacks against companies, or to serve some of the worst illegal content the web has to offer. Yes, we’re talking way worse than Rickrolling.
Would your company be legally liable for what happens on your employees’ home routers? Maybe, maybe not. A specific hack could be traced to one of your employee’s routers, negatively impacting your company’s reputation. If the device was broadcasting harmful or illegal data alongside your company’s data things could get worse. Finally, employees working with an infected router could transmit the malware to their company when using the corporate network. Defending against home router hacks requires human intervention. Make sure the router’s software is up to date. Change the default password. Never re-use a password, especially for a key purpose like this. Run anti-virus, firewall, and if possible, use a hardware firewall like Bitdefender Box or one of these.