The need and convenience of a business WiFi network makes it an essential service for most organisations. Unfortunately, many smaller businesses lack the necessary resources and cyber skills to secure their network. This can be a big problem as an unsecured network can leave the business vulnerable to hackers who steal valuable company data or customer information.
Follow these 10 steps today to secure your network and business information safer.
1. Move Your Router to a Physically Secure Location
Getting around many of the more sophisticated security precautions can be as simple as someone hitting the reset button on your router. It’s vital to double-check that your router is in a secure location with restricted access: a suggestion we have for this is the Oystashell. Oystashell can protect your router from the risk of ligature, theft and vandalization. Made of 3ml polycarbonate (the same material police riot shields are made from), the Oystashell is nearly indestructible, making it the perfect solution for challenging environments.
2. Change the Default Router Login Information
This tip might seem obvious, but the truth is that most hacks happen because targets don’t cover the bare minimums. The first web security precaution to take is setting a quality password and continuing to change it frequently. Most routers come with a default username and password such as “admin”, and lists of default usernames and passwords for various routers can easily be found on the internet.
The best passwords or passphrases are at least 15 characters long, with a mix of letters, numbers, and special characters. This goes double for the admin username and password; you need to log into the router to set the password.
Share this passphrase or keycode with employees only as necessary. Most importantly, change the passphrase regularly (quarterly is recommended) and each time an employee leaves the company.
3. Change the Network Name
The service set identifier (SSID) is the name broadcast from your WiFi to the outside world so people can find the network. While you want people to find your network, you don’t want to tell anyone and everyone what make and model of router you’re running. The default name out of the box will frequently be something like “Linksys” or “Netgear3060,” which tells a potential hacker exactly where to look if they want to find documentation that will help them access your network.
4. Update Your Firmware and Software
It’s not exactly at the top of your to-do list, but it’s still critical to your security: Periodically check to see if there have been any firmware updates for your router. These fixes are introduced to solve specific, documented vulnerabilities, so not patching them up is asking for trouble. This goes double for any network security software that you’re running. Firmware updates usually self-install after downloading, making them a simple step in securing your router.
5. Use WPA2
There are usually a few options on your router for passwords, and you want to make sure that you’re using the default encryption protocol WiFi Protected Access or WPA. If it’s older, it may be set to an outdated, extremely hackable encryption protocol WEP, or “Wired Equivalent Privacy.” Double-check your network settings to clarify if you’re using the best encryption protocol available to you. If your router is older or currently WPA-incompatible, check for a firmware fix (as mentioned above), or consider upgrading to a newer router altogether.
6. Double Up on Firewalls
Most routers have a firewall built to protect your internal network against outside attacks, but it might not be automatically activated. It’s generally called SPI (stateful packet inspection) or NAT (network address translation). Either way, it should be turned on and enabled in your router settings.
It’s also essential to ensure your software doesn’t send stuff out over the network or the internet without your permission. For that, you’ll want to install firewall software on your PC or Mac as well.
7. Set Up Private Access and Public Access
Having both employees and the public alike on the same network is a recipe for trouble. To separate the traffic, consider using a Service Set Identifier (SSID) to make two separate points of access to your network: a business-grade secure access point for your team and a public one for customers. This isolates your business’s computers from guests, providing an extra layer of protection.
8. Eliminate Rogue APs
A rogue AP is any unofficial access point to your network. These are often created by someone on your network who has bad connectivity in their office. The problem is that they might not be configured as securely as the rest of your network, giving attackers a window of vulnerability. Take the time to occasionally do access point scanning if your network is large enough.
9. Turn Off WPS
WIFI protected Setup, or WPS, is designed to make pairing a device with an encrypted network as easy as pushing a button. The problem is that it makes it simple for anyone with even a moment of physical access to your router to gain a foothold in your network. As we said before, it’s essential to keep your router in a physically secure location. In addition, consider turning off this function unless you need it for something specific.
10. Limit or Disable DHCP
The Dynamic Host Configuration Protocol (DHCP) server in your router is what IP addresses are assigned to each device on the network. You can limit your DHCP range to limit the number of things on your network theoretically, but that might be impractical with the different devices we use today that need a WIFI connection. You could also disable DHCP entirely. This would mean that you’d need to go into each device and manually give them an IP address. This gives you a lot of control but is relatively labour-intensive, depending on how many devices you need up and running on your network.
If you’re interested in protecting your WIFI Router and want to talk to one of our friendly team about our Oystashell products, then talk to us today to find out more.