When you set up a wireless network for your small business, it is important to implement the best practices of wireless security in order to deliver a positive experience for your end users. After all, a malicious hacker could potentially sit in the parking lot of your business and hack your network if the proper precautions haven’t been taken. This raises the question: Is your wireless network really secure?
Evaluating the Security of your WiFi Network
Finding a happy medium between ensuring security while providing a robust wireless network for your users can be a delicate balancing act. Here’s a short list of items to look at when evaluating the security of your wireless network:
- Does your WiFi operate on its own VLAN?
- Can you ensure that sensitive file shares are inaccessible from WiFi?
- Is your WiFi router set up in a place that only allows IT staff to physically access the device?
- Do you frequently change your WiFi password?
- Have you enabled a MAC address whitelist?
If you’ve answered “No” to any of these questions, your wireless network could be vulnerable to an attack.
When WPA2 Encryption Isn’t Enough
Almost every modern WiFi access point will offer WPA2 encryption. You should always select this type of encryption to protect yourself against attacks that involve malicious actors sniffing your packets and cracking the encryption key. You should never use older encryption methods such as WPA or WEP.
What if WPA2 isn’t enough? While the transmission of your data may happen securely using WPA2, what if a hacker were to gain access to your wireless network by a more conventional route, such as someone inadvertently sharing the password with an unauthorized third party?
Public WiFi Attacks: Are You At Risk?
Consider this scenario: You’re a small business and you must provide a wireless network for visitors to use within your office. The simple solution would be to venture down to your local computer hardware store, buy a cheap wireless router, plug it into your switch, and begin handing out the password to your visitors. The problem with cheap plug-and-play wireless networks is that by glossing over the basics of wireless networking security, your business could be putting its most important data at risk.
Think about it: if wireless users are able to map to the file shares on your network from the wireless access point, any number of bad things could potentially happen:
- An infected laptop that connects to a network could seek out network file shares and attempt to damage the files. An example would be the popular CryptoLocker infection.
- A hacker who somehow gains access to the network could find your most precious data, thus putting your business at risk.
- A malicious actor could gain access to your network and begin using it for nefarious purposes.
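A check for the file-share exposure described above, as an added example that is not part of the original article: run from a laptop joined to the WiFi network, it tries the Windows file-sharing ports on each listed server and returns any that answer. The server addresses are constructed placeholders, and the function names are chosen for this example.

```python
import socket

# Ports used by Windows file sharing: SMB over TCP and NetBIOS session service.
FILE_SHARE_PORTS = (445, 139)


def port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timed out) or unroutable: not reachable from here.
        return False


def audit_file_shares(servers, ports=FILE_SHARE_PORTS, timeout=1.0):
    """Probe each server/port pair and return the pairs that are reachable.

    An empty list means this WiFi client cannot open a file-sharing
    connection to any listed server, which is the desired result.
    """
    exposed = []
    for host in servers:
        for port in ports:
            if port_open(host, port, timeout):
                exposed.append((host, port))
    return exposed


if __name__ == "__main__":
    # Constructed sample inventory (documentation address range); replace
    # with the file servers on your wired LAN.
    servers = ["192.0.2.10", "192.0.2.11"]
    exposed = audit_file_shares(servers)
    if exposed:
        for host, port in exposed:
            print(f"EXPOSED: {host}:{port} is reachable from this WiFi client")
    else:
        print("OK: no file-share ports reachable from this WiFi client")
```

Run it once from the guest network and once from the staff WiFi; any EXPOSED line means the wireless segment is not isolated from that server.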
How to Mitigate Common Wireless Security Risks
If someone gains unauthorized entry into your wireless network, your entire business could be at risk. Luckily, there are strategies you can implement to mitigate the risks of operating a wireless network.
Hide Your SSID
Security by obscurity is a popular tactic to mitigate attacks. Hackers can’t hack what they can’t see. Only laptops that know the name of the SSID will be able to connect to your wireless network.
Change Default Passwords for your Router
One of the most popular username and password combinations for wireless routers is:
Username: admin
Password: password
Let’s say your WiFi password gets into the wrong hands. The attackers would simply go to the web interface of your gateway, use the default admin username and password, and make any changes they’d like to your wireless access point.
Update your Firmware
Consider the make and model of your router. Even consider setting up a Google Alert that will email you when new firmware has been released. Weak firmware can lead to attacks on your specific brand of router.
Require MAC Address Whitelisting
If you are an IT department that issues laptops to end users, you may want to consider MAC address whitelisting. This is simply a policy that you configure on your wireless access point that only allows devices with specific MAC addresses to connect to your network. This way, you know who is connecting to your network.
Automating MAC Address Whitelisting
To automate this process, many IT departments have set up a portal that helps with onboarding new mobile devices onto the wireless network. This portal may run a series of checks on the machine in order to enforce requirements before it connects to the WiFi network. For example, it can be configured to allow only computers with virus protection to connect.
Utilize Your Firewall
For most small businesses, a well-configured firewall that offers content filtering can block attacks against those that connect to your wireless network.
Higher-end wireless networks have a firewall built in, giving you more bang for your buck. If you want additional security, consider paying more for a WiFi access point that has sophisticated firewall software baked into the platform. Popular vendors include Cisco, SonicWALL, Palo Alto, etc.
Consider Setting Up Access Windows
A lot of wireless access points will give you the option to disallow connections during a certain time. If there is no reason for anyone to ever connect to your wireless network at 3AM, configuring these restrictions might shrink your organization’s attack surface.
Summing It All Up
A quick review of your wireless security policies can help your business securely provide wireless access for those using laptops, smartphones or tablets.
When you implement the best practices discussed in this article, your business will be on the fast track to ensuring the safety and security of your organization’s wireless network.