Published: March 15, 2024

Our new bulletin Cyber Threat Watch has been created to help small businesses stay up to date on the latest threats, news, and events affecting their business. The content has been curated to make cybersecurity easy and accessible for both technical and nontechnical readers.

A recent warning from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) has highlighted the serious threat posed by a group of cyber attackers sponsored by China, known as Volt Typhoon. They exploit vulnerabilities in small office/home office (SOHO) routers, using them as entry points for broader attacks on critical infrastructure in the United States. This increasing threat emphasizes the criticality of implementing strong security measures in the design, development, and maintenance of SOHO routers.

What is Secure by Design?

The concept of “Secure by Design” is fundamental in mitigating cybersecurity risks associated with technology products. Manufacturers must prioritize security throughout the entire lifecycle of their products, from the design phase through release, updates, and beyond. Integrating security measures into product development from the outset reduces the burden of cybersecurity on end users and minimizes potential exploitation by malicious actors. However, the widespread presence of these insecure devices emphasizes the critical need for manufacturers to adhere to secure design principles diligently.

What Can You Do as an End User?

Manufacturers need to prioritize security when designing their products, but as an end user, you can take the following steps to protect yourself:

1. Choose Secure Routers: Look for routers from manufacturers known for prioritizing security. Check reviews and choose reputable brands known for secure design practices such as these.
2. Keep Your Router Updated: Regularly update your router’s firmware. These updates often include patches for security vulnerabilities.
3. Secure Your Router: Change the default password on your router to something strong and unique. Disable remote management features unless absolutely necessary.
4. Use Separate Devices for Your Modem and Router: Use two separate devices for your modem and router, if possible. This can make your network more secure.
5. Consider a Business-Grade Router: Consider getting a business-grade router, if it fits within your budget. It typically has better security features than routers developed for home use.
6. Stay Informed: Keep yourself informed about cybersecurity threats and best practices. Regularly check for updates from your router’s manufacturer and follow security recommendations.

In conclusion, the joint alert from the CISA and the FBI emphasizes the critical need for manufacturers to prioritize security in SOHO router design, development, and maintenance. Adhering to secure design principles enhances the resilience of products against cyber threats and safeguards national security interests. Additionally, end users must remain vigilant and proactive in implementing cybersecurity measures to protect their networks effectively.

The NCSS encourages businesses to adopt comprehensive security practices and stay informed about evolving technology trends. We recommend you leverage a managed security service provider (MSSP). We have partners who can help, here. For more information, visit our Small Business page.

References

https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-and-fbi-release-secure-design-alert-urging-manufacturers-eliminate-defects-soho-routers

https://www.cisa.gov/sites/default/files/2024-01/SbD-Alert-Security-Design-Improvements-for-SOHO-Device-Manufacturers.pdf

https://www.tomsguide.com/us/home-router-security,news-19245.html

https://www.lifewire.com/best-secure-routers-4140134

About the NCSS

The National Cybersecurity Society (NCSS) is committed to improving the online safety and security of the small business community through education, awareness, and advocacy. As a 501(3)(c) organization, the NCSS uses funds from charitable donations and grants to develop educational materials, webinars, weekly cyber tips, videos, and how-to-guides. The organization’s goal is to enable and empower small and medium businesses to obtain cybersecurity services, assist them in understanding their cyber risk, and advise on the type of protection needed. We want to continue to grow our community and encourage you to tell other small businesses we are here to help.

The NCSS is committed to respecting the use of images in our communication efforts. Accordingly, unless otherwise specifically noted, the graphics in our bulletin are sourced under license from Adobe Stock. The header and footer images were designed and purchased through a contract with Eyedea Advertising & Design Studio.