CyberCX has released its annual Digital Forensics and Incident Response Year in Review Report for 2023 →

How do you manage the potentially unpatched home routers when the user is not tech-savvy enough to even know what firmware is?


Mark Hofman Answered by Mark Hofman, Chief Technology Officer, CyberCX

Unfortunately, there isn’t a simple answer here. Many users will have a device provided, controlled and managed by their ISP without them having any control over how it is configured. Others may have devices that are no longer supported. There are, however, several approaches we’ve seen over the years to address this issue:

  • Extend internal IT support to home devices
    We have seen a few customers who have extended their internal IT expertise to BYOD devices, including routers. They would assist when routers break as well as helps users patch these devices as needed. I’ve seen customers even runs vulnerability scans on their staff home devices (with permission) to help manage risk. Whilst initially painful, over time they have found the management effort to be quite minimal
  • Provide a device
    Another option is to provide a device. Here an organisation provides a managed and monitored wireless router that users plug into their home environment. It provides a secure SSID for employees to connect their devices to. This, unfortunately, can get expensive but may be an option for high-risk users
  • Provide Education
    Support home users in patching their devices. This is not without its challenges but may work depending on their technical competence and comfort level
  • Focus on the endpoint
    Ignore the home router and focus on endpoints. Assuming that employees have a supplied device, you can deploy your own AV/EDR product as well as control and manage firewall configurations. Using a combination of VPN connections and managed endpoints will help reduce your risk.
  • Use Virtual Desktop Infrastructure
    If an organisation already uses Virtual Desktop Infrastructure, then endpoints and home routers are almost a non-issue.

View our 5 easy steps to improve your cyber resilience.

Cyber Resilience Strategies

Ready to get started?

Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.