The average user probably doesn't even suspect that their SOHO (small office / home office) router could be hacked. When your small business clients think about network security, they probably only think about anti-malware software and avoiding malicious emails and websites – if they even think about it at all.
But security experts have begun to warn users and IT professionals that those little black box routers could be a major source of data breaches in the future. In fact, ArsTechnica reports security experts have sponsored router hacking contests with the deliciously punny name, "SOHOpelessly Broken." If puns can't save our Internet security, what will?
Why SOHO Routers Are the Weak Link in Small Business Cyber Security
Because routers direct a user's Internet traffic, hackers can use hijacked routers to download malware and send your clients to malicious websites.
A hacked router is a bit like riding in a bad taxi. The cab driver takes you all over the city before finally dropping you off where you want to go.
If a client's router is hacked, here's what often happens: the user types in a URL, while unbeknownst to them, the router secretly takes them through another website that contains a cyber threat. On this circuitous route, the user might accidentally pick up malware.
But hacked routers can lead to all sorts of cyber attacks. For example, hackers can…
- Steal data directly from USB-attached hard drives or network-attached storage.
- Use pharming attacks to steal login credentials for a user's bank account.
How Many Small Business Routers Have Been Hacked?
Sometimes when you read about new cyber attacks, the vulnerability is just theoretical. Security researchers have found a flaw in a piece of software and have been able to hack it in their digital laboratory.
So how serious is this threat?
As it turns out, there's been a huge growth in SOHO hacking over the last few years. The SOHOpelessly Broken contest is a response to the fact that cyber researchers are seeing this threat in the wild.
According to ArsTechnica, security researchers found that 30,000 thousand routers had been compromised in a recent attack. That's just one incident.
This risk could be doubly problematic for IT consultants and contractors because they often work with small business clients who use SOHO routers.
How Do IT Consultants Prevent a Router Hack?
Hackers are more inclined to target small businesses with cheap, off-the-shelf routers. These basic routers typically don't have secure firmware to handle the cyber attacks.
Knowing that, here’s what you can do to try to limit your clients’ exposure to SOHO threats:
- Convince clients to invest in a router with robust security. These usually range from $100 to $300.
- Educate clients about their risks. Small business data breaches cost an average of $300,000, according to Andrew Bagrin, a cyber security specialist. (For more details, read his interview with Small Business Computing.)
The security weaknesses in routers reveal a scary truth: cyber criminals can find vulnerabilities in much of the basic technology of that connects your clients to the Web. What's worse, the IT consultant who installs a SOHO router for a client exposes their own business to the risk of a lawsuit.
If a client is hacked, they can sue their IT consultant, especially when the attack came via a product with a known security weakness. For this reason, many IT consultants carry Professional Liability Insurance (aka E&O Insurance), which covers data breach lawsuits and other common IT lawsuits.
To learn more about managing IT risk and the cost of E&O insurance, see our sample insurance quotes for IT contractors.