11 Ways to Secure Your Business's Wireless Network
July 6, 2017
Wireless networks are popular in small and mid-sized businesses because they are easy to set up and convenient to use. However, if a wireless network is not properly secured, hackers within range can access it and infiltrate your network.
Here are eleven ways you can lock down your business's wireless network and keep hackers at bay:
1. Use a Strong Password for Your Wireless Router's Administrator Account
Many wireless routers ship with a default password for the administrator account. It is important that you change the default password to a strong one that is at least eight characters long. The password should include uppercase and lowercase letters as well as numbers (but not in a predictable pattern). When possible, you should also include special characters, such as dollar signs and asterisks.
2. Change Your Wireless Router's SSID
A wireless network's name is called a service set identifier (SSID). Many vendors ship their wireless routers with the same default SSID. Keeping the default SSID might signal to a hacker that your wireless network is not properly configured and vulnerable to attack. Because of this, you should change your network's SSID to a unique name.
3. Make Sure Your Wireless Router's Firewall Is Enabled
Most wireless routers have built-in firewalls, but sometimes they ship with the firewall turned off. You may need to make sure that your router's firewall is turned on. *It is important to check on this with your IT service provider, especially if you have firewall hardware. They can help you determine whether everything is properly configured.
4. Use WPA2 for Wireless Communications
Every wireless router offers encryption. Encryption scrambles your data and makes it unreadable, except by the recipient. Three common encryption protocols are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and Wi-Fi Protected Access 2 (WPA2). Using WPA2 is best because it employs the hardest-to-crack encryption algorithm. If you have an older router that does not support WPA2, you can use WPA. Do not use WEP as it is outdated and easily hacked.
5. Disable WPS If You Are Using a Consumer-Grade Wireless Router
It is not uncommon for businesses to use consumer-grade wireless routers. These routers often include Wi-Fi Protected Setup (WPS), which provides a user-friendly front-end for encryption protocols such as WPA2. With WPS, users can connect a device to a wireless network by simply pushing a button or entering a personal identification number. However, hackers can exploit a vulnerability in WPS to gain access to wireless networks. So, if your wireless router supports WPS, you may want to disable it.
6. Disable Your Wireless Router's Remote Management Feature
Many wireless routers have a feature that lets you manage them from a remote location. Unfortunately, it often leaves routers susceptible to attacks. For this reason, you should disable remote management if you do not need to use this feature.
7. Make Sure Wi-Fi Sense's Network-Sharing Functionality Is Disabled on Windows 10 Devices
Windows 10 and Windows 10 Mobile include a feature called Wi-Fi Sense. Besides helping users find open Wi-Fi hotspots, this feature lets them share their Wi-Fi networks, without sharing those networks' passwords. Users can share their Wi-Fi networks with their contacts from Facebook, Skype, and Outlook.com. However, users cannot specify individuals within a group (e.g., within Facebook) — the network is shared with all the contacts in that group.
Although the contacts can only use the network to get online, you might not want your employees sharing your business's wireless network. If that is the case, you need to make sure Wi-Fi Sense's network-sharing functionality is disabled on your Windows 10 and Windows 10 Mobile devices.
8. Consider Using MAC Address Filtering
Each device that is able to connect to a Wi-Fi network has a unique ID called a Media Access Control (MAC) address. You can configure your wireless router to check the MAC addresses of devices trying to connect to it, allowing connections only from the devices it recognizes. Admittedly, it takes time and effort to enter the MAC addresses of all the devices allowed to access your wireless network, but your network will be more secure.
9. Keep the Wireless Router's Firmware Updated
Every wireless router has firmware. Firmware is software that gives the device its functionality. Like any other type of software, firmware sometimes has bugs or security vulnerabilities. When you keep your wireless router's firmware updated, known bugs and vulnerabilities are fixed, making your router more secure.
10. Log Out of the Wireless Router's User Interface
Most wireless routers have a browser-based user interface, which people use to configure router settings. If you leave this interface open and someone gets access to your computer, your router is vulnerable. Thus, you should always log out when you are finished configuring the router.
11. Protect the Computers That Access Your Wireless Network
Despite your best efforts, hackers may still infiltrate your wireless network. For this reason, you need to use anti-malware software on all the computers that access your wireless network. In addition, you need to keep those computers' operating systems and applications updated so that known bugs and security vulnerabilities are patched.
Have questions about wireless network implementation and security? Contact Electro-America today!