Quick question: did you buy a consumer-grade router for your small business? Something off the shelf, nothing too fancy?
If so, it may be time for an upgrade. According to a report by ThreatPost, over 12 million home routers have a vulnerability dubbed "Misfortune Cookie" that could give a hacker remote access to your device. Once attacked, the hacker could direct the traffic going to and from your router, leaving your business utterly exposed.
Here's what you need to know:
- The vulnerability affects routers from leading manufacturers, such as D-Link, Huawei, TP-Link, ZTE, and Zyxel.
- The flaw has to do with the devices' embedded webserver called "RomPager."
- The flaw was fixed in 2005, but it didn't make it into consumer devices, exposing 12 million devices in 189 countries.
The risk is more than a privacy violation if you're a business owner – it's a data breach waiting to happen. The security researchers at Check Point say once a hacker has access to your router, they can install malware, make permanent configuration changes, and bypass any firewalls.
The result? The attacker can extract data from your business backup drive – e.g., private customer data that you are responsible for protecting. Once customer information gets into the wrong hands, you have to notify affected parties, pay for credit-monitoring services, and repair your business's bruised reputation.
In other words, that sweet profit margin you had before? Gone in a flash.
Luckily, there's a quick fix for this latest cyber threat.
One Small Step for Your Business, One Giant Leap for Its Cyber Security
If you run a one-person shop or a home-based business, it can be hard to see the value in investing more in the device that allows your business to connect to the Internet. Given the amount of sensitive information your business handles, investing in a commercial-grade router can step up your security considerably.
Whereas consumer-grade routers have some rudimentary security features, business routers have two Internet connections, advanced firewalls, and more. On the downside, these routers can be quite pricey for small-business owners and may offer more bells and whistles than you actually need.
If you're not ready to make the transition to a full-blown commercial router, there is one thing you can do to substantially improve your cyber security: install the firmware patch for your router.
Updating the firmware for your device is…
- Simple (a quick Internet search should do the trick!).
- Inexpensive or free, in most cases.
- Necessary to reduce the risk of a costly data breach.
As a failsafe, be sure to carry Cyber Liability Insurance. Though no insurance policy can prevent a data breach, this particular policy can give you the resources you need to handle a cyber attack's expensive aftermath. It can pay for notifying customers about a breach, credit monitoring, PR measures to rebuild your reputation after a breach, and more. You can learn more about the coverage here: "Why Your General Liability Insurance Doesn't Cover Data Breaches."
For more ideas on how to amplify your small business's data security measures, read the post, "One More Way Customers Can Sue You."