Apologies if this is a stupid question but as a complete newbie on security issues and having been hacked I feel it is time to get some understanding !

I have 2 pcs (w98) connected via an OfficeConnect ISDN LAN modem to my Service Provider. Each pc has the free Zone alarm firewall program running and also Norton Antivirus.
Whilst I am reasonably confident that the pcs are protected does the router, which I do not think has a physical firewall, pose any risk.
I do realise that this fairly cheap router provides a sort of firewall by blocking incoming requests that did not originate from the home network (NAT?) but is it a weak point?

I think what I am asking is that if someone could get access to it could they do what they wanted from the router i.e see whatever came in and out?

Sorry if this is bit of a general and basic question but just trying to get an understanding of all points of risk.

Many thanks for any advice.