11 Tips To Ensure Your Wi-Fi Network Is Secure
Businesses are turning to Wi-Fi to extend their networking capabilities. Wireless local area networks (WLANs) provide the mobility, flexibility, and accessibility you need to grow your business.
With continued advances in technology, wireless accessibility is increasingly being used in both office and public environments. This may make it easier for your employees to work from their mobile devices.
However, if not adequately designed, installed, maintained and tested, this also gives hackers the ability to launch attacks on your wireless network. This means that they can eavesdrop, access, and even tamper with your wireless transmissions.
Unlike wired Ethernet LANs (local area networks) that are safeguarded inside your walls and closets, Wi-Fi networks transmit data over radio waves in open space. If not properly secured, unauthorized users can gain access to your Wi-Fi and the data you transmit.
This results in:
Your business needs Wireless Networking & Security Services that prevent unauthorized access to your transmissions. (Be sure to ask your Managed Services Provider about this.)
1. Create strong passwords and update them regularly.
It’s also important for you and your employees use different passwords for each one of your accounts. Using the same password for everything is like inviting hackers to steal your information. If you do this, and someone hacks into one of your accounts by figuring out your password, they would also have the password for your email, other social media accounts, online shopping sites, and perhaps even your bank account. By changing passwords across platforms, you’re further protecting your confidential information.
Hackers can access everything, even WPA2 if you’re not using secure and strong passwords. Both of these will help prevent criminals from seeing what you’re doing online. It’s important to remember that cybercriminals will often use cloud services to crack passwords, so when you’ve got a shorter password that seems secure, it still may not be safe.
2. Use strong encryption.
Unless you enable encryption on your Wi-Fi, people nearby can easily connect to your network. It’s always a good idea to enable Wi-Fi protected access (WPA), WPA2 would be ideal. This will provide your Wi-Fi with stronger encryption to secure your communications, as opposed to WEP, which hackers have easily cracked before. Plus, follow these steps for strong encryption to protect your data. Your Managed Services Provider can help with this:
To protect your data, use well-known algorithms and the longest keys allowed; use both upper and lowercase letters, punctuation, and numbers. Using a strong encryption key is going to ensure maximum data protection. In addition, use hardware-based encryption to increase your security; full drive encryption is a lot less troublesome for you and other employees.
Consider how you’re going to store encryption keys, who will have access, how often the keys should be replaced, and when you’re going to delete the keys. Security firms recommend changing your keys every two years. Key management technology can be extremely useful for this. Similar to devising passwords, avoid using the same encryption keys for everything.
Does your company use the cloud to share sensitive documents or develop backups? It’s important to ensure your files are actually deleted after you’ve moved them to the trash. The best way to do this is to delete the encryption key.
Don’t store encryption keys next to the encrypted data in a cloud or internal environments. Be sure to keep the keys in your personal possession. Storing keys next to encrypted data is the exact same as leaving your car keys on top of your car; you’re setting it up to be stolen.
Whether you share a public cloud or use an internal system to store data, encryption allows you to keep your data separate in shared environments. Always use encryption to keep your data isolated from others’ data.
If you’re using the cloud, the storage vendor doesn’t need to know your encryption keys. Encrypt the data when it goes out and decrypt it when you’re ready to load it back again. Another commonly used example of this approach is a VPN (virtual private network), which creates an encrypted tunnel with the encryption, and decryption at the endpoint.
If you’re using a public cloud to run virtual machines, hackers who obtain access to the cloud will be able to break into your data easily. Don’t provide hackers with easy access to your encrypted data. Consider encrypting more than just the data.
Although many companies have a VPN, employee access still requires protection when using personal sites, or when they’re offsite. Otherwise, sensitive corporate data on their laptops may be exposed during public Wi-Fi use. Consider finding a provider who can encrypt Internet traffic for employees, but make sure your vendor doesn’t save or monitor the traffic.
3. Change your network name.
In actuality, the network SSID (such as “Office”) is part of the security for encrypted networks. So, when you use a default name, it makes it much simpler for hackers to guess your password. Using a unique network name that doesn’t give away too much information will help because that way, attackers won’t be tempted to choose you as their target.
4. Remember to consider your authentication strategy.
Those who use WPA2-PSK are sharing the same password with employees, family, and friends. This could lead to them accidentally or unintentionally sharing the password with others, which means any of them can view your network traffic. Employees who leave your company will typically retain the networks’ key, which allows them to access the network or decrypt your traffic. Larger companies should consider using RADIUS or a certificate-based authentication mechanism so that each user will obtain their own managed credentials. This helps to ensure users cannot share the key to your network.
5. Manage all the network names you’ve previously used.
Typically, devices will remember the names of networks you have connected to by default. For example, I’m sure you’ve noticed that after using a hotel’s Wi-Fi, your device probably remembered the name and searched for that network in the future when you’ve traveled. This means that the wireless scanning tools often used by attackers’ can identify your device and see that in the past, it has connected to a network with that name. This may not seem like an important issue, but often wireless network names give away clues about which business you work for, websites you’ve visited and in extreme cases, and possibly your address (networks have been found to be named after street addresses). If you notice that a profile you’ve used in the past gives away sensitive information, be sure to remove that profile.
6. Consider SSID hiding very carefully.
The feature ‘SSID hiding’ is made to hide your network name from any lists that people in surrounding areas can see on their devices, which means that the user has to physically configure the network name and password. SSID is a useful feature because it hides your network, which reduces the temptation for attackers to hack into your network. However, it will only take a few seconds for an attacker with basic hacking knowledge to reveal your networks name, which makes this unreliable unless you’ve combined it with a good password and strong encryption.
7. Always be cautious of device authorization lists.
Media Access Control address (MAC address) is a unique identifier for an Ethernet or network adapter over a network. It distinguishes different network interfaces and is used for a number of network technologies, particularly most IEEE 802 networks, including Ethernet. In the open system interconnection model (OSI), MAC addresses occur in the Media Access Control Protocol sub-layer.
MAC address filtering was made to prevent devices from using your network if they aren’t on a pre-authorized list of hardware devices that are allowed, and it’s often assumed to be a strong defense. However, these MAC addresses can be forged quite simply by attackers. Manually authorizing these addresses can also be an administrative burden for your organization, so it’s a good idea to follow the rule of “defense-in-depth.” Instead of using MAC address filtering, it’s highly recommended that you focus that effort on strong encryption and passwords. Also, if you change the SSID, it will make it much harder for an attacker to crack because they’ll have to re-compute against your SSID name.
8. Practice defense-in-depth.
Network security is only one small part of having a good security strategy. The right security practices can help secure your data, even if your wireless network becomes compromised. Start by following best practices for endpoint protection, web security, and patching. This will reduce the odds of your data being stolen by a hacker.
9. Manage all wireless access points.
Always ensure your wireless access points use accurate security configurations (especially those of branch offices). A lot of businesses make sure they’ve got secure wireless at headquarters, but typically have a weaker access point configuration at their branch offices. This undermines their security efforts. Remote logging and policy management should be a priority to ensure security is dependable throughout your company offices wherever they are.
10. Protect yourself on open networks.
Hotels and restaurants often provide open hotspots but connecting to these means you’ll need to take additional steps to ensure your traffic won’t be seen by hackers. To encrypt all of your traffic over the wireless network, use a strong VPN and check to make sure hotspots are legitimate before you provide any login information or credit card details; cybercriminals often create fake hotspots.
11. Restrict traffic and manage your visitors.
If it’s necessary for your business to provide consultant or guest access to your network, you should consider creating a separate network for guests that includes restrictions on what they’re able to access. An easy way to do this without a ton of administrative effort would be a hotspot registration portal. Setting up this type of network allows your visitors access the Internet without accessing your corporate services.
Follow this advice and your business can benefit from today’s Wi-Fi technology.