9 Best Practices for Wireless Network Security
You’ve set up Wi-Fi access for your office and your network is set and ready to go... but is it really? Your Wi-Fi might feel fast and it might cover your entire office space, but your business can be vulnerable to cyberattacks unless you secure your network. Here are nine best practices to ensure that your wireless network is secured.
1. Enable Password Security
This is your business, not a coffee shop that offers free Wi-Fi. Your Wi-Fi network shouldn’t be easy for anyone with a smartphone or laptop to just jump on.
A strong password policy reduces opportunities for hackers to brute force their way into your network. Best practices for strong passwords include having between 16 and 30 characters and a mixture of letters (including capitals), numbers, and symbols.
Remember though, security only starts with the password.
2. Use Wi-Fi Protected Access 2 (WPA2)
Enforcing WPA2 with a strong, complex password will be the first step in preventing anyone who shouldn’t get access to your data from getting on the network.
Wi-Fi Protected Access 2 (WPA2) is the standard security protocol currently in use. Keep in mind there are two types of WPA2: the consumer-grade WPA2 Personal, which is less robust, and WPA2 Enterprise, which requires each user to gain access to the network by using their own unique credentials and is something all businesses should have to protect their network.
It’s worth noting that, as of the writing of this blog, the Wi-Fi Certified 6 program has been released, promising increased security and improved capabilities. While it is still in its infancy, purchasing devices which support the new standard is something to be considered.
3. Control Who Has Access To Your Network
In other words, create separate access ‘buckets’ for guests and staff. Ensure guests only have access to the internet and not internal sources of data. In fact, best practices suggest you create a completely separate Wi-Fi network for guests altogether.
Most business-grade Wi-Fi routers do support segregated guest networks for when you want visitors to have access to free Wi-Fi. These guest accounts usually (but not all the time, it depends on the router) just allow the user to surf the Internet and not have access to internal network traffic.
Note: While you’re at it, take a moment to think about creating different access privileges for your staff. By limiting the number of internal users who can access critical data, you reduce the opportunities for hackers using compromised credentials to gain access to your critical data. For example, most employees don’t need to access financial information.
4. Manage The Range of Your Wi-Fi Signal
While you can control who accesses your Wi-Fi inside your building, what happens when the signal goes beyond the walls? There’s nothing a hacker loves more than an unsupervised Wi-Fi signal; they can take their time trying to gain access to it. One of the things a wireless survey will do is ensure your entire building receives coverage, while also ensuring that your signal stays within your building.
5. Physically Secure Access Points
Like any device on your network, if your access points are compromised, it can lead to big problems. This means you need to make it difficult to physically gain access to Wi-Fi equipment and access points. Your access points should be physically secured, installed on the ceiling, within the walls, or inside locked cages. If your data is valuable enough, a cybercriminal will try to compromise it. An unattended and physically accessible access point is an easy way in. The best way to secure your high tech access points is one which is very low tech: putting them someplace out of reach.
6. Check for Rogue Access Points
A rogue access point is a wireless access point installed on your secured network without knowledge or authorization from the network administrator. It could either be an older device that has long been forgotten, or something an employee set up innocently.
A rogue access point doesn’t necessarily have to be due to malicious intent. For example, some members of your team may find themselves in a ‘dead spot’, where Wi-Fi is unreliable (this is why it’s essential to have a wireless survey). To remedy this situation, they bring in their own wireless router and connect it to the network.
While this form of Shadow IT should be seen as a ‘cry for help’ from the team, it also places the network and business itself at risk for intrusion. Due to the ‘plug and play’ nature of such devices, there is a high probability the device will be poorly configured and insecure, allowing unauthorized access by malicious parties. To prevent this, there need to be monitoring systems such as a Wireless Intrusion Prevention System (WIPS) in place to alert the network administrator when unknown access points come online.
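A minimal version of the check a WIPS performs, as an added example that is not part of the original article: it compares a wireless scan against an inventory of authorized access points and reports anything an administrator should look at. The SSIDs, BSSIDs, CSV layout, reason labels and the -65 dBm threshold are constructed assumptions.

```python
import csv
from typing import NamedTuple

# Constructed inventory of authorized APs: BSSID -> (SSID, expected security mode).
AUTHORIZED = {
    "02:00:00:aa:00:01": ("CorpNet", "WPA2-Enterprise"),
    "02:00:00:aa:00:02": ("CorpNet", "WPA2-Enterprise"),
    "02:00:00:aa:00:03": ("CorpNet-Guest", "WPA2-Personal"),
}
# Assumption: an unknown AP heard louder than this is probably on the premises.
ON_SITE_DBM = -65

# Constructed survey export, one AP per line: bssid,ssid,security,signal_dbm
SAMPLE_SCAN = """\
02:00:00:AA:00:01,CorpNet,WPA2-Enterprise,-48
02:00:00:aa:00:02,CorpNet,WPA2-Personal,-55
02:00:00:bb:00:09,CorpNet,WPA2-Personal,-40
02:00:00:cc:00:11,NETGEAR-Setup,Open,-52
02:00:00:dd:00:20,CoffeeShop,WPA2-Personal,-88
"""

class Finding(NamedTuple):
    bssid: str
    ssid: str
    reason: str

def find_rogues(scan_text, authorized=AUTHORIZED, on_site_dbm=ON_SITE_DBM):
    """Return a Finding for every scanned AP that needs an administrator's attention."""
    corporate_ssids = {ssid for ssid, _ in authorized.values()}
    findings = []
    for row in csv.reader(scan_text.strip().splitlines()):
        bssid, ssid, security, signal = (field.strip() for field in row)
        bssid = bssid.lower()
        if bssid in authorized:
            # Known hardware: confirm it still matches the approved configuration.
            if (ssid, security) != authorized[bssid]:
                findings.append(Finding(bssid, ssid, "config-drift"))
        elif ssid in corporate_ssids:
            # Unknown radio advertising one of the company's network names.
            findings.append(Finding(bssid, ssid, "unknown-ap-corporate-ssid"))
        elif int(signal) >= on_site_dbm:
            # Unknown radio strong enough to be inside the building.
            findings.append(Finding(bssid, ssid, "unknown-ap-on-site"))
        # Weak, unrelated networks (neighbours) are ignored.
    return findings

if __name__ == "__main__":
    for f in find_rogues(SAMPLE_SCAN):
        print(f"{f.reason:28} {f.bssid}  {f.ssid}")
```

A radio scan alone cannot show whether an unknown access point is plugged into the wired network, so each finding is a device to locate and check rather than a confirmed rogue.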
7. Develop a Mobile Device Policy (BYOD)
There are several variables you need to address when designing and implementing your company’s BYOD (Bring Your Own Device) policy. These include:
- Specify which devices will be permitted on the network.
- Establish a static and comprehensive security strategy.
- Define how foreign devices can access data on the network.
- Ensure staff knows who owns what on the mobile device.
- Make a decision on what kind of use to ban on foreign devices.
- Combine your BYOD strategy with your acceptable use strategy.
- Create a strategy to quickly and securely onboard and remove users.
8. Support for Legacy Wi-Fi Devices
Despite the constant push towards newer technology, the truth is most businesses have legacy technology on the network. Sometimes this older technology is no longer in use, or it might be something that is in need of an upgrade. This is why it’s important to have regular technology audits, which would allow your business to see exactly what devices are in use and why.
That being said, when it comes to Wi-Fi devices, this can prove to be a security risk as many of these older devices don’t have the capabilities to be secured according to current best practices. We’ve found, over the years, that practically any network-connected device can be the entry-point for malware or cybercriminals. Anything ranging from a printer to a smart appliance to a network-attached piece of industrial equipment could be the weak point on your network.
This is an important consideration, particularly in the age of IoT where first-generation EOL devices (devices which are no longer supported) are connected to the network at all times. Since these devices must be used, best wireless security practices require legacy devices be segregated to their own virtual network with their own unique SSID.
9. Consider Using a Business VPN
A virtual private network (VPN) can improve overall network security by supplementing your existing security measures. With a VPN in place, your data is being encrypted as it is transmitted, ensuring that your data is secure coming and going. Even if a hacker manages to intercept it, they won’t be able to use it.