Wi-Fi is now an essential tool used by businesses internally, as well as an expected feature by customers frequenting a business.
With such a high adoption rate on both sides of the business ecosystem, securing Wi-Fi networks and connectivity is a top priority.
Experts have already exposed vulnerabilities in even the most secure Wi-Fi technology. These vulnerabilities have prompted groups like the Software Engineering Institute at Carnegie Mellon to issue advisories about Wi-Fi vulnerability.
Here are 10 steps you can take to secure your small business Wi-Fi and make hackers look elsewhere for softer targets:
- Start with a secure business Wi-Fi router. It all begins with getting the best router, with security and functionality in mind. Consumer and business routers differ, so make sure you get one capable of handling your specific business requirements. A business-class router gives you more configuration options and increased capacity as well as VLAN, multiple SSID support, integrated VPN, and more.
- Lock it up for safety. This sounds obvious, but you have probably seen many routers in clear view of the public. The danger of leaving your router where it can be accessed is, simply hitting the reset button will get around any security measures you have established. Lock your router up so only authorized personnel can access it.
- Update your firmware and software. Make sure you always install the latest update for your router’s firmware. While you are at it, you should also update the security software of any of the devices accessing your business Wi-Fi. Depending on the systems you have in place, you can automate the updates to ensure you are protected from any new vulnerabilities. Automation is usually the best option, so you don’t have to rely on anyone finding the time to do it.
- Use WPA2 or WPA2 enterprise. An enterprise version WPA2 gives you more control so you can define the usernames and passwords for the people using your Wi-Fi. It may mean setting up your own server, but if you don’t have the expertise or resources to do so, such services can be outsourced. This makes it affordable and leaves all the technical aspects of the service to the outsourced provider.
- Disable admin via wireless on your router. Even though it is convenient, leaving the “Admin Via Wireless” option enabled provides a gateway to your system. When you disable this feature, only users who are physically connected to your router through an ethernet cable will be able to access the admin features.
- Set up private and public access. By setting up private and public access, you separate your network into two access points. Your employees can have a business-grade access point, and a public one can be available to your customers or guests. This removes the possibility of guests getting into your system and accessing sensitive information as well as eavesdropping on your traffic.
- Check all Wi-Fi access points. There may be unauthorized wireless connections in your network. By regularly checking and reviewing your wireless network access log, you can detect rogue access points in or around your area. Making these checks also lets you see whether any of the devices within your company are attempting to connect to unauthorized networks. Here again, if you don’t have the time or knowledge to do this, an outsourced provider or consultant can assist.
- Use virtual private network (VPN) connection. Having a VPN connection gives you multiple security features. One of the more important ones is the ability to secure your Wi-Fi outside of your business. Whether it is a hotspot or another connection you don’t fully trust, you can use a VPN to mask your real internet traffic so it can’t be detected by hackers when you are out in the field.
- Use a discreet name for your network, and change the default password. By using a common service set identifier (SSID) name, you make it that much easier for hackers to identify and go after your network. Make it unusual. And in choosing passwords, small businesses don’t fare well. According to a survey conducted by Preempt Security, more than 35 percent of small businesses have weak passwords compared to only under five percent for their larger counterparts. So, choose a strong network password, and change it regularly.
- Have an actionable security policy. Implementing the above features is all well and good, but without a strong and actionable security policy in place it will be an exercise in futility. Everyone must be accountable for the way they use the company Wi-Fi in and out of the office. Sharing passwords, adding unauthorized devices, visiting questionable sites, opening email from unknown sources, and other risky behaviors will counteract all of your security efforts. Periodically (such as once a quarter) remind your team of company security policies, explain the consequences of circumventing them, and ask for their cooperation.