Your router, that box sitting in a corner of your house giving you internet access, is in many ways more important than your laptop or mobile phone. It might not store any of your personal information directly, but sensitive data passes through it every time you access various online services and can be stolen or manipulated if the router is hacked.
A compromised router can also serve as a platform for attacking other devices on your local network, such as your phone or laptop, or for launching denial-of-service attacks against internet websites. This can get your IP address blacklisted and can slow down your internet speed.
Because it's exposed directly to the outside world, your router is frequently targeted by automated scans, probes and exploits, even if you don't see those attacks. And unlike your laptop or phone, your router doesn't have an antivirus program or other security software to protect it.
Unfortunately, most routers are black boxes and users have little control over their software and configurations, especially when it comes to devices supplied by internet service providers to their customers. That said, there are certain actions that users can take to considerably decrease the likelihood of their routers falling victim to automated attacks.
Many of those actions are quite basic, but others require a bit of technical knowledge and some understanding of networking concepts. For less technical users, it might simply be easier to buy a security-focused router with automatic updates such as the Eero, Google OnHub, Norton Core, Bitdefender Box, or F-Secure Sense. The downside is that those routers are expensive, some require annual subscriptions for certain services, and their level of customization is very limited. Ultimately, their users need to trust the vendors to do the right thing.
If you don't want to get one of those, or already have a router, follow along for a detailed, step-by-step guide on how to secure it.
Choosing a router
If you prefer getting a cheaper router or modem that you can tweak to your needs, avoid getting one from your ISP. Those devices are typically manufactured in bulk by companies in China and elsewhere and they come with customized firmware that the ISPs might not fully control. This means that security issues can take a very long time to fix and in some cases, they never get patched.
Some ISPs force users to use the gateway devices they supply because those devices come pre-configured for remote assistance. There have been many cases where those remote management features were poorly implemented, leaving devices open to hacking. Furthermore, users cannot disable remote access because they're often not given full administrative control over such devices.