10 Ways To Secure Your Business WiFi Network

Salinas IT Company wifi

Table of Contents

Follow these 10 steps today to make your network and business information safer.

Adaptive is a Salinas IT company specializing in providing IT services to small and mid-sized businesses. The need and convenience of a business WiFi network make it an essential service for most organizations these days.

Unfortunately, many small to medium sized businesses lack the necessary resources and cyber skills needed to secure their network properly. That can be a big problem because an unsecured network leaves the business vulnerable to attacks from hackers who want to steal valuable company data or customer information.

 

1. Move Your Wireless Access Point/Router to a Physically Secure Location

Getting around many of the more sophisticated security precautions can be as simple as someone hitting the reset button on your router or wireless access point. It’s vital to double-check that your wireless access point/router is in a secure location with restricted access: a locked cabinet or in an office that is always locked. You can even explore video surveillance options to have the wireless access point/router monitored 24/7.

2. Change the Default Wireless Access Point/Router Login Information

This is another tip that might seem elementary, but the truth is that the majority of hacks happen because targets don’t cover the basics. The first web security precaution to take is setting a quality password and continuing to change it frequently. Most wireless access points/routers come with a default username and password such as “admin”, and lists of default usernames and passwords for various wireless access points/routers can easily be found on the Internet.

The best passwords or passphrases are at least 15 characters long, with a mix of letters, numbers, and special characters. This goes double for the admin username and password that you need to log into the wireless access point/router in order to set the password.

Share this passphrase or keycode with employees only as necessary. Most importantly, change the passphrase on a regular basis (quarterly is recommended) as well as each time an employee leaves the company.

3. Change the Network Name

The service set identifier (SSID) is the name that’s broadcast from your Wi-Fi to the outside world so people can find the network. While you want people to be able to find your network, you don’t want to tell anyone and everyone what make and model of wireless access point/router you’re running. The default name out of the box will frequently be something like “Linksys,” or “admin,” which tells a potential hacker exactly where to look if they want to find documentation that will help them access your network.

4. Update Your Firmware and Software

It’s not exactly at the top of your to-do list, but it’s still critical to your security: Periodically check to see if there have been any firmware updates for your wireless access point/router. These fixes are introduced to solve specific, documented vulnerabilities, so not patching them up is asking for trouble. This goes double for any network security software that you’re running. Firmware updates usually self-install after downloading, making them a simple step in securing your wireless access point/router.

5. Use WPA2

There are usually a few options on your wireless access point/router for passwords, and you want to make sure that you’re using the default encryption protocol WiFi Protected Access, or WPA. If it’s older, it may be set to an outdated, extremely hackable encryption protocol WEP, or “Wired Equivalent Privacy.” Double check your network settings to clarify if you’re using the best encryption protocol available to you. If your wireless access point/router is older or currently WPA-incompatible, check for a firmware fix (as mentioned above), or consider upgrading to a newer wireless access point/router altogether.

6. Double Up on Firewalls

Most routers have a firewall built in that can protect your internal network against outside attacks, but it might not be automatically activated. It’s generally called something like SPI (stateful packet inspection) or NAT (network address translation). Either way, it should be turned on and enabled in your router settings.

It’s also important to make sure your own software doesn’t send stuff out over the network or the internet without your permission. For that, you’ll want to install firewall software on your PC as well.

7. Set Up Private Access and Public Access

Having both employees and the public alike on the same network is a recipe for trouble. To separate the traffic, consider using a Service Set Identifier (SSID) to make two separate points of access to your network: a business-grade secure access point for your team, and a public one for customers. This isolates your business’s computers from guests, providing an extra layer of protection.

8. Eliminate Rogue APs

A rogue AP is any unofficial access point to your network. These are often created by someone on your network who has bad connectivity in their office. The problem is that they might not be configured as securely as the rest of your network, giving attackers a window of vulnerability. Take the time to occasionally do access point scanning if your network is large enough.

9. Turn Off WPS

Wi-Fi Protected Setup, or WPS, is the designed to make pairing a device with an encrypted network as easy as pushing a button. The problem is that it makes it simple for anyone with even a moment of physical access to your wireless access point/router to gain a foothold in your network. As we said before, it’s important to keep your wireless access point/router in physically secure location. In addition, consider turning off this function unless you need it for something specific.

10. Limit or Disable DHCP

The Dynamic Host Configuration Protocol (DHCP) server in your router is what IP addresses are assigned to each device on the network. You can limit your DHCP range to theoretically limit the number of things on your network, but that might be impractical with all of the different devices we use today that need a WiFi connection.

You could also simply disable DHCP entirely. This would mean that you’d need to go into each device and manually give them an IP address. This gives you a lot of control, but is fairly labor-intensive, depending on how many devices you need up and running on your network.

What You Can Do Right Now

As a small business owner, you might feel like you don’t have any information worth stealing, but that won’t stop hackers from gaining access to your network and taking whatever they can find. Don’t make yourself an easy target. Before you find yourself faced with a network breach, take some simple precautions to ensure that your network is secure.

  • Physically secure your wireless access point/router and devices.
  • Change the default configurations and passwords on your wireless access point/router.
  • Set up separate public and private networks.
  • Take advantage of new firmware and firewall software.
  • Contact us for a professional evaluation of your WiFi security

 

Our engineers are ready to assist with any questions and provide guidance to secure your business WiFi network. Adaptive is a Salinas IT support company specializing in keeping our client’s networks running smoothly and secure. Don’t put your data at risk, give us a call to find out how we can help.

 

Salinas IT Services

Facebook
Twitter
LinkedIn

We're Here To Listen and Help. Connect With Adaptive Information Systems

If you have technology needs, Adaptive Information Systems can help. Contact us and a consultant will call you ASAP.

Name(Required)
This field is for validation purposes and should be left unchanged.