The need and convenience of a business WiFi network make it an essential service for most organizations these days. Unfortunately, many small to medium sized businesses lack the necessary resources and cyber skills needed to secure their network properly. That can be a big problem because an unsecured network leaves the business vulnerable to attacks from hackers who want to steal valuable company data or customer information. Compounding the problem, hackers are increasingly targeting small businesses.
Follow these 10 steps today to make your network and business information safer.
1. Move Your Router to a Physically Secure Location
Getting around many of the more sophisticated security precautions can be as simple as someone hitting the reset button on your router. It’s vital to double-check that your router is in a secure location with restricted access: a locked cabinet or in an office that is always locked. You can even explore video surveillance options to have the router monitored 24/7.
2. Change the Default Router Login Information
This is another tip that might seem elementary, but the truth is that the majority of hacks happen because targets don’t cover the basics. The first web security precaution to take is setting a quality password and continuing to change it frequently. Most routers come with a default username and password such as “admin”, and lists of default usernames and passwords for various routers can easily be found on the Internet.
The best passwords or passphrases are at least 15 characters long, with a mix of letters, numbers, and special characters. This goes double for the admin username and password that you need to log into the router in order to set the password.
Share this passphrase or keycode with employees only as necessary. Most importantly, change the passphrase on a regular basis (quarterly is recommended) as well as each time an employee leaves the company. You can use something like CloudCracker to test the security of your passwords.
3. Change the Network Name
The service set identifier (SSID) is the name that’s broadcast from your Wi-Fi to the outside world so people can find the network. While you want people to be able to find your network, you don’t want to tell anyone and everyone what make and model of router you’re running. The default name out of the box will frequently be something like “Linksys,” or “Netgear3060,” which tells a potential hacker exactly where to look if they want to find documentation that will help them access your network.
4. Update Your Firmware and Software
It’s not exactly at the top of your to-do list, but it’s still critical to your security: Periodically check to see if there have been any firmware updates for your router. These fixes are introduced to solve specific, documented vulnerabilities, so not patching them up is asking for trouble. This goes double for any network security software that you’re running. Firmware updates usually self-install after downloading, making them a simple step in securing your router.
5. Use WPA2
There are usually a few options on your router for passwords, and you want to make sure that you’re using the default encryption protocol WiFi Protected Access, or WPA. If it’s older, it may be set to an outdated, extremely hackable encryption protocol WEP, or “Wired Equivalent Privacy.” Double check your network settings to clarify if you’re using the best encryption protocol available to you. If your router is older or currently WPA-incompatible, check for a firmware fix (as mentioned above), or consider upgrading to a newer router altogether.
6. Double Up on Firewalls
Most routers have a firewall built in that can protect your internal network against outside attacks, but it might not be automatically activated. It’s generally called something like SPI (stateful packet inspection) or NAT (network address translation). Either way, it should be turned on and enabled in your router settings.
It’s also important to make sure your own software doesn’t send stuff out over the network or the internet without your permission. For that, you’ll want to install firewall software on your PC as well. PC Magazine’s top pick is Check Point ZoneAlarm Pro, but there’s also a default firewall that comes with Windows 8 and 10.
7. Set Up Private Access and Public Access
Having both employees and the public alike on the same network is a recipe for trouble. To separate the traffic, consider using a Service Set Identifier (SSID) to make two separate points of access to your network: a business-grade secure access point for your team, and a public one for customers. This isolates your business’s computers from guests, providing an extra layer of protection.
8. Eliminate Rogue APs
A rogue AP is any unofficial access point to your network. These are often created by someone on your network who has bad connectivity in their office. The problem is that they might not be configured as securely as the rest of your network, giving attackers a window of vulnerability. Take the time to occasionally do access point scanning if your network is large enough.
9. Turn Off WPS
Wi-Fi Protected Setup, or WPS, is the designed to make pairing a device with an encrypted network as easy as pushing a button. The problem is that it makes it simple for anyone with even a moment of physical access to your router to gain a foothold in your network. As we said before, it’s important to keep your router in physically secure location. In addition, consider turning off this function unless you need it for something specific.
10. Limit or Disable DHCP
The Dynamic Host Configuration Protocol (DHCP) server in your router is what IP addresses are assigned to each device on the network. You can limit your DHCP range to theoretically limit the number of things on your network, but that might be impractical with all of the different devices we use today that need a WiFi connection.
You could also simply disable DHCP entirely. This would mean that you’d need to go into each device and manually give them an IP address. This gives you a lot of control, but is fairly labor-intensive, depending on how many devices you need up and running on your network.
What You Can Do Right Now
As a small business owner, you might feel like you don’t have any information worth stealing, but that won’t stop hackers from gaining access to your network and taking whatever they can find. Don’t make yourself an easy target. Before you find yourself faced with a network breach, take some simple precautions to ensure that your network is secure.
- Physically secure your router and devices.
- Change the default configurations and passwords on your router.
- Set up separate public and private networks.
- Take advantage of new firmware and firewall software.
- Contact Cox Business for a professional evaluation of your WiFi security