You already know you need to secure your business Wi-Fi network. But did you know that Wi-Fi access points are still a weak link that could compromise your efforts and put precious data at risk?
Wi-Fi signals don’t respect boundaries and often spill out into the street. That can be an open door for hackers and unless you take steps to nail down your Wi-Fi, you may as well leave the office unlocked at night. If you don’t secure your network then, at best, you’ll get the local Wi-Fi moochers stealing your bandwidth. At worst you’ll have a serious security breach on your hands.
Here are five tips to beef up your Wi-Fi security and keep hackers out.
Use WPA2
If you are using WEP (Wired Equivalent Privacy), then you need to get with the times as it’s been understood for some time that WEP has some fundamental flaws and any decent hacker with Aircrack-ng on their laptop could be rifling through your virtual drawers in minutes.
This is your business network, so don’t take chances. Go for the strongest security you can and install WPA2 protection. At the very least you should go for WPA, but the newer system should keep you one step ahead in the constant race against cybercriminals. This is especially the case these days as hackers don’t need to be skilled in order to access business systems. All they really need to do is buy an exploit kit on the black market, which can be obtained for very little money now.
If you are stuck with WPA then check your router. Some of them offer Wireless Protect Setup (WPS), which makes it easier to connect. It also makes it easier to hack, so disable it.
Bigger companies on WPA should opt for enterprise mode, which allows a separate login for each employee and a degree of accountability. Security threats don’t always come from outside, after all, and this set-up makes it easier to terminate access when the company terminates an employee. To run this system, though, you’ll need to run it on a server.
Go Rogue
You can go to the ends of the Earth to secure your Wi-Fi network. Your work can be blown out the water by pro hackers, though, or even your own colleagues.
It all sounds a little like covert military operations, but you have to sweep the office regularly. Thankfully you don’t really need a high-tech scanner, just a laptop loaded with aerodump-ng or Vistumbler that will sniff out suspect packages and locate rogue Wi-Fi points.
This is important, because a rogue access point can strip out all your security, broadcast your SSID and open the network to everyone. Forget about hackers, if this happens literally anyone could connect to your network and they won’t even need a password.
Use a secure password
It sounds obvious, but then you’d be surprised how many companies get hacked because they used a password everyone could remember. It’s a sad fact that despite the need for good security when used on a business network, many people still opt for silly, easily crackable passwords such as 123456 or (trying to be clever and failing) ‘password’.
Ditch the company slogan and go for a long and random selection of letters, numbers and capitals. You need at least 13 characters to defeat most brute force attacks, but even that won’t stop some and you should use all the characters you can. Don’t let them write it down on a Post-It on the screen either. People can steal access the old-fashioned way if you’re lazy. Find and use a decent password manager.
Go for the longest and most random selection of lower case letters, capitals and numbers that you can. Then test it using something like Cloudcracker. If the system cracks the code then you need to go further.
Hide Your Network
If you don’t stop it, your Wi-Fi network will broadcast its SSID details far and wide. It’s trying to be helpful and for most users, this saves them the hassle of entering the network name in order to connect.
It’s a minute’s work to set the SSID to ‘hidden’ and to stop the network advertising its presence. Change the SSID identity and every default name on the system, too, because if you leave the name intact then you have saved the hacker’s time.
Office computers will have to be set-up, of course, and employees will scream for help with their own mobile devices. They should know the name of the network, though, so can enter the details themselves. Saying that, it’s better practice if you allow BYOD to use a mobile device management (MDM) system.
Convenience is never an excuse for lax security measures, so you will have to put up with repeated requests for login information. Hackers equipped with proper software will still be able to sniff out the network, so this is just one measure you should take and do not rely on it. A layered approach to network security is required at all times and this requires hardware firewalls at router level, as well as appropriate antivirus solutions and file monitoring software, for full protection.
Turn your router off at night, too, if your business doesn’t need 24-hour access. No hacker in the world can find your network if it isn’t there.
Don’t Invite Network Guests
Some offices have a virtual revolving door of visitors coming in all day long. Nowadays many of them want to hook up to your Wi-Fi to take care of emails and even catch up on the latest viral videos. The problem is that the visitors don’t always take as much care of their security as you do. So allowing them free reign means you’re open to systems loaded up with viruses and malware. Of course it can happen in reverse, too.
It’s a little aggressive to say no, so you’re stuck with gaping holes in your Wi-Fi’s security right? Wrong. You can offer a guest network that keeps visitors away from your sensitive internal network.
Most business level routers can run two networks at once. Even though this is a relatively open network you should still run basic security measures. Put a password on the system, to prevent the whole world draining your Wi-Fi bandwidth and also to protect your guests from prying eyes while they are on the system.
In the modern world, as technology races ahead and becomes further integrated into our everyday lives, security and privacy are desirable – for businesses though, they are vital if they are to retain important data and protect customers, as well as avoid fines if they should lose such data.