Risky Business: Is Your Customer-Facing WiFi Secure?

customer_wifi.jpg

By now you’re well aware that offering WiFi access to customers is a smart business decision. It can significantly increase customer satisfaction, sales, visibility in the community, and even brand ambassadorship for your small business.

But all of these benefits have a flipside: if your customer-facing WiFi isn’t secure, you risk non-customers using your WiFi without your knowledge or, worse, accessing your confidential business data. Here’s how to tell whether your customer-facing WiFi is secure, and if not, the steps you should take to protect it.

Is Your Router Physically Secure?

Is your router in an easily accessible place? If so, you may be leaving your WiFi open to a simple and often overlooked danger. Just hitting the reset button on your router can get around many more sophisticated security precautions.

While it may seem like a no-brainer, it’s important to make sure that your router is in a secure location with restricted access. Place your router in a locked cabinet, or keep it in an office that is always locked.

Have You Changed the Default Router Password?

Changing your router’s passphrase may seem like another obvious precaution, but you might be surprised: the simplest, most common way for people to access a business’s WiFi without permission is by using the default router passphrase which has never been updated. These passphrases are easily accessible online for any unscrupulous person to look up and utilize.

For more security, choose a password or passphrase that is at least fifteen characters long, with a mix of letters, numbers, and special characters. By selecting a lengthy, strong passphrase for your router, you minimize the chances of an outside user to access your WiFi. Share this passphrase or keycode with employees only as necessary. Make sure to change the passphrase on a regular basis (quarterly is recommended) as well as each time an employee leaves the company. To test the strength of your passphrase, try a service like CloudCracker.

Are Your Firmware and Software Up to Date?

Have you installed the most recent update to your router’s firmware? What about security software on the computers accessing your business WiFi? The best way to inoculate your system from malware and viruses is to install all updates as they become available. Updates will fix bugs and shore up your system against all known threats.

Are You Using WPA2?

Your router may have come with the default encryption protocol WPA, which stands for “WiFi Protected Access.” (It may even—but hopefully not—be set to the older, extremely hackable encryption protocol WEP, or “Wired Equivalent Privacy.” Despite its known vulnerability, WEP is still in use.) Check your router settings to determine which protocol you are using, and select the highest-level security available to you.

If your router is older or currently WPA-incompatible, look for a firmware update or consider upgrading to a newer router altogether.

Have You Set Up Private Access and Public Access?

Are you allowing employees and customers alike access through a single public network? If so, you risk compromising your company data.

Technology such as Service Set Identifier (SSID) can create two separate points of access to your network: a business-grade secure access point for employees, and a public one available to customers. The biggest benefits of these solutions is that they isolate your business’s computers and devices from guests, meaning “potential nefarious guests cannot interact with other devices on the same subnet even if they wanted to,” writes Derrick Wlodarz in “Enterprise-Class WiFi for the SMB: 15 Best Practices from the Field.“

As Wlodarz explains, you can even set up multiple public access points, depending on how many guest devices you need to support. This way, you can offer WiFi service to your guests while keeping your business information confidential.

Have You Eliminated Rogue APs?

in his article “Secure Wireless Network: Top Tips for Secure Wi-Fi,” Paul Reubens warns of “rogue access points.” These are unofficial access points created, at best, by your own employees who have bad connectivity in their offices and, at worst, by hackers. “In either case, rogue access points present a risk because you have no control over them or how they are configured: for example, one could be set up to broadcast your SSID (the 32 character identifier for a wireless network) and allow anyone to connect without providing a password,” writes Reuben.

A regular scan with the appropriate software (Reuben recommends Vistumbler) will help you identify rogue access points and take steps to cut them off.

Just as there’s no getting around the fact that offering WiFi access provides benefits for your customers and your business alike, there’s no denying that the practice comes with its own set of risks. But, armed with information and a little forethought, you can make your customer-facing WiFi secure, reaping the benefits with peace of mind.

Scroll to Top