Gap in awareness leaving routers at risk from cyberattacks
September 2024 by Broadband
In our third router security survey, the team here at Broadband Genie wanted to know how, or if, attitudes have changed towards router security over the past 6 years. Previous surveys in 2018 and 2022 showed the vast majority of people had no idea they were compromising their security by not changing default settings or passwords.
Has that changed? Are more people now aware of network security or fewer?
For our 2024 router security survey, we polled 3,045 Broadband Genie users and asked the same series of questions.
You might find the results surprising.
We certainly did!
2024 Router security survey results
Let’s discuss the findings of the router security survey and what it means for the internet-using public.
52% have never adjusted any of their router factory settings
We’ll dive deeper into the results soon, but to start off, the majority of internet users have never adjusted any of their router factory settings.
The number was dropping slightly between 2018 and 2022, but has creeped back to a higher level than 6 years ago.
86% of respondents have never changed the router administrator password
We recommend changing the administrator password as soon as you set up your broadband router, but it seems 86% of users still don’t do it.
That’s a slight increase from 84% back in 2022.
Leaving the password as the default is the easiest way for someone to gain access to your router and therefore, your network and connected devices.
It’s an open invitation to nefarious characters to snoop around and take what’s yours.
It’s illegal to sell connected devices with weak passwords in the UK, but router manufacturers use a specific type of username and password.
That information is out there for everyone to see, which makes it easy for hackers to attack your router.
Considering how easy it is to change the password, it’s a real shame more users aren’t changing them.
72% of respondents have never changed their Wi-Fi password
The Broadband Genie router security survey also found that just 28% of users change their Wi-Fi password.
Changing your Wi-Fi password is a simple, yet fundamental security precaution and takes seconds.
Similar to the router admin password, default Wi-Fi passwords are well known, and it would take seconds for a knowledgeable hacker to gain access.
89% of respondents have never updated their router firmware
89%, or 9 in 10 respondents have never updated their router firmware. This is a slight increase from 88% of users back in 2022, which is not the direction we were hoping for.
Firmware is the software routers use to operate. It’s often updated over time to add new features, make the router more secure, resolve any issues and optimise code.
Failing to update can leave routers vulnerable, which is why this result isn’t the one we wanted to see.
The challenge is, updating router firmware can seem complicated, and the instructions aren’t always clear.
Fortunately, many newer routers handle updates automatically, but it’s still something users need to be aware of.
Broadband Genie asked Oliver Devane, Senior Security Researcher at McAfee, why it’s important to adjust your router factory settings: “Many default settings can be dangerous in the hands of cybercriminals. Your router is the gateway to all the connected devices in your home, so it’s key to make sure it’s secure.
“Cybercriminals take advantage of bugs and vulnerabilities in firmware, to gain access to your online information. Keeping the firmware up to date with the latest security patches will prevent this from happening. Investing in protection software which has a VPN will also encrypt and secure internet connections, adding an extra layer of protection to help you stay safe online.
“Just like changing the lock on your front door, changing the default router password will ensure only authorised people can access your home network.
“Many internet users are simply unaware of the risks associated with their routers, and more needs to be done to raise awareness.”
89% of respondents haven’t changed their network name
Changing your network name is a small, but useful security precaution to help protect your home network, but it seems 89% of people still aren’t changing theirs.
That’s another increase, from 87% in 2022.
The network name is your Wi-Fi name such as ‘SKY12345’ or ‘Linksys-7890’. Leaving it as default provides a simple way for hackers to identify the router, making it easier to access your network.
75% of respondents haven’t checked to see who is using their network
It seems only 25% of survey respondents check to see who or what is using their home network.
An average home network has 12 connected devices, but most users don’t check. This is a fundamental security precaution which is usually very straightforward to do.
75% of respondents don’t know why they would need to adjust their router settings
So what’s the reason behind us not engaging with our router settings? The vast majority of our survey respondents do not know why they would need to make these changes.
Worryingly, this awareness gap has stayed at a high level and slightly increased over the last two years.
72% of respondents do know how to change router settings
Our survey revealed that only 18% of users don’t know how to change their router settings.
It’s encouraging to see that this number of users confident to engage with their router settings has continued to grow.
How to prevent being a victim of a cyberattack
There are some simple but effective ways to help prevent cyberattacks.
Each requires just a couple of minutes and can make a big difference to how secure your home network is.
Change passwords
Changing your router administrator and Wi-Fi passwords are the single most effective precautions you can take. They are also the easiest.
Make passwords as long as you can while remaining easy to remember. If you can add a mix of uppercase and lowercase letters, numbers and special characters, all the better.
Change your network name
Changing your network name not only personalises your network, it also makes life harder for cyber criminals.
You can change your network name at the same time you’re changing your Wi-Fi password.
Update your router’s software
Many routers will automatically update their firmware, but not all do. It takes just a few seconds to check the firmware on a router and compare it to the latest version on the manufacturer’s website.
We recommend checking every few weeks to see if there’s an update.
Check who’s using your network
Checking who’s using your network prevents people from using your bandwidth without permission, identifies devices you forgot had internet access and helps identify unauthorised access.
Most routers will have a list of connected devices within the dashboard. Check it regularly and kick any device or user you don’t recognise.
Read this guide for more information on securing your router.
What to do if you’re a victim of a cyberattack?
Even if you take every precaution possible, you still may be unfortunate enough to be a victim of cybercrime.
So what can you do?
Disconnect your internet and perform a full factory reset of the router. This will erase any code the hacker may have installed to give them access. This will reset all your settings but is an essential step.
Change your router admin password, Wi-Fi password and network name to something unique immediately. Don’t reuse anything you used before.
Check devices to see what an attacker may have been able to access. Follow up with any banks or organisations, just in case.
Reach out to your ISP for guidance if you need extra help.
It’s important to stay informed and regularly educate yourself about cybersecurity best practices to better protect your network in the future.
Taking these steps can help you recover from a security breach and strengthen your home network against future attacks.
Methodology
Broadband Genie polled 3,045 internet users between 1st January 2024 - 26th April 2024.