How to secure your business Wi-Fi network

How to secure your business Wi-Fi network blog

High-speed Wi-Fi networks are crucial to Australian organisations, especially since more areas are being covered by the National Broadband Network (NBN). However, many hackers are becoming more proficient at infiltrating business networks. That’s why if you want to keep your business safe, you need to follow these pointers.

Set a strong Wi-Fi password

The first precaution you need to take is to reset your Wi-Fi router’s login credentials. Every router model comes with default usernames and passwords like “admin” and “password” that can easily be found online. Setting passwords that are at least 12 characters long with a combination of letters, numbers, and symbols can go a long way in reducing your exposure to network-based attacks. 

More importantly, change your passwords whenever an employee leaves the company. This not only prevents attacks caused by rogue ex-staffers, but it also keeps the hackers guessing. 

Change the service set identifier (SSID) 

The SSID is the name of a wireless network that’s broadcasted to nearby devices to help users know which network to connect to. Manufacturers typically set default SSIDs for their routers like ‘Linksys’ or ‘Netgear’, but it’s important to change them as soon as possible. These names give away the model of your router and its default logins, increasing the likelihood of attacks.

Changing your Wi-Fi name may not eliminate advanced attacks, but it does act as a slight deterrent against hackers who are looking for easy targets. A router with a custom SSID implies that your company network is more secure than the generic routers in the area.

Install firmware and software updates

Staying on top of updates is key to network security. Make sure you periodically check your manufacturer’s website for any firmware patches since they often release fixes when they uncover glaring vulnerabilities in their products. This advice also applies to your security software. Firewalls, intrusion prevention systems, and anti-malware must always run the latest patches to defend against the latest threats.

Utilise your firewalls

Network routers have firewalls that monitor incoming and outgoing internet traffic for any harmful programs. Some routers may not have these built-in measures activated upon setup, so make sure to enable these right away.

Enable Wi-Fi Protected Access (WPA2)

WPA2 is a security protocol that’s available on all certified Wi-Fi hardware. It encrypts your data so that devices can’t read any sensitive information you may be accessing or transmitting over the internet. Authorised users are then assigned their own encryption keys and Wi-Fi logins. If devices are lost or an employee leaves the company, system administrators can simply revoke logins to prevent a major data breach.

To enable this feature, simply go to your router’s encryption settings. Keep in mind that some models use Wired Equivalent Privacy (WEP) protocols that are much easier to hack. In such cases, you may have to consider upgrading to a newer, WPA-compatible router.

Disable Wi-Fi Protected Setup (WPS)

Routers with WPS enabled make it easier to connect devices to the network. It asks for someone’s PIN or a simple button press to grant a device internet access, giving attackers an easy way to infiltrate your network. Consider turning off WPS to keep your business safe.

Control Dynamic Host Configuration Protocol (DHCP)  

DHCP servers automatically assign unique IP addresses to each device so they can connect to the network. The downside is this feature doesn’t evaluate the devices it assigns IP addresses to. This means any wireless device can get within range of your router, acquire an IP address, and access poorly secured local files. To fix this, consider assigning IP addresses manually so you can control which devices connect to your network.

Separate public and private network access

Deploying a business network that both employees and the public can access is a recipe for disaster. Anyone will be able to gain a foothold into your systems and perform a wide array of attacks. By creating a separate network for visitors, you can prevent unauthorised individuals from stumbling onto your most sensitive assets.  

Keep your router in a safe place

Wi-Fi security is also about the physical security of network components. Routers and access points (APs) have reset buttons that can restore factory default settings and remove security protocols you’ve put in place. The best way to protect your business from these risks is to lock away network components in office cabinets. You should also consider installing surveillance systems to deter would-be cybercriminals. 

Remove rogue APs

Another security issue regarding physical security involves someone adding an unauthorised AP to your network. These ‘rogue’ APs are usually installed by well-meaning employees who want to improve internet connectivity in their section of the office. The problem is certain APs may lack certain security features, leaving your company susceptible to attacks. The best way to deal with this is to replace rogue APs with ones that have been verified by security experts. 

Securing a business network can be overwhelming no matter how tech-savvy your staff may be. While you can do all of the aforementioned tips by yourself, we recommend working with a leading managed IT services provider (MSP) like Empower IT Solutions. We offer comprehensive network security services and tools that fend off the most nefarious cybercriminals. Call us today to safeguard your IT.