If your office has one router in a closet and nobody thinks about it unless the internet dies, CISA wants you to reconsider that habit today.
The agency’s July 13 advisory, "Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting," says Russian FSB Center 16 actors are scanning internet-exposed routers and looking for weak configurations they can exploit. CISA and co-sealing agencies say the activity includes abusing SNMP, especially where devices accept default or common community strings. CISA advisory
That sounds technical because it is technical. The owner takeaway is not.
For small businesses, routers are often the first thing attackers can touch and the last thing anyone audits. If the router is old, unmanaged, or configured once and forgotten, it can expose the whole office network. That means the problem is not "some network gear." It is contracts, payroll, client files, Wi-Fi, and everything else sitting behind the box.
CISA says the observed behavior can include copying device configurations, changing settings, and using compromised network devices as stepping stones for later activity. The mitigation advice is equally plain:
- use SNMPv3 instead of SNMPv1 or SNMPv2
- disable legacy SNMP versions if you can
- change any default community strings
- use strong, unique passwords for local accounts
- restrict management access to trusted devices and networks
- update firmware and replace end-of-life devices
That is the part most owners can act on without waiting for a full security overhaul.
If you want a fast morning checklist, start here:
- Ask who can log into the router today.
- Check whether SNMP is on and whether it still uses default strings.
- Confirm the firmware is current.
- Find out whether the device is end-of-life.
- Move any management access off the public internet if it is exposed.
If the answer to any of those is "I do not know," that is the bug.
One more reason this matters: CISA’s Known Exploited Vulnerabilities catalog still includes Cisco Small Business RV320 and RV325 routers, which should put older small-office gear on the replacement shortlist, not the "someday" list. KEV catalog
The useful way to read this advisory is not as a national-security abstract. It is a reminder that the cheapest-looking piece of infrastructure in the office can be the most expensive one to ignore.
Owner takeaway
Treat the router like critical equipment. If it is old, exposed, or left on default settings, it deserves a real review before something else does.