Hackers crack open WiFi passwords like soda cans. If you’re reading this on a computer connected to a business WiFi network, you might not be too far from an evil genius trying out different methods of bypassing or breaking through the security wall of your Internet connection. For a small business, WiFi Internet connectivity is a tremendous problem solver at the workplace. Your employees use the network to communicate, collaborate, and innovate, and your customers need it to stay connected when they visit your premises. With such remarkable adoption on both sides of the business sphere, WiFi becomes a digital asset for any business.
The critical question of WiFi security
The value of WiFi for your business hardly requires any underscoring. The trouble is that not many businesses care about securing their WiFi connections. The implications of WiFi theft range from the inconsequential, such as someone enjoying high-speed Internet at your expense, to hackers being able to intercept data flowing across the network, to legal issues related to someone accessing banned and illegal content online. Inherently, wireless networks are easier to eavesdrop upon than wired connections. Thankfully, you can do a lot to improve things and secure your company’s WiFi.
Use enterprise mode WiFi
The enterprise mode of WiFi offers tremendous control over security. Here are the two most important benefits that make it the preferred mode for businesses, as compared to the personal mode.
- Each user is authenticated separately; this means that hardware loss of a connected device, for instance, just requires you to deactivate that user’s credentials.
- Each user is assigned a unique encryption key, which means no user can decrypt some other user’s data on the network.
This individual user-level authentication is made possible by setting up a RADIUS server. You could opt for a cloud-based or hosted RADIUS server, too. For smaller networks, you could use access points with built-in RADIUS servers.
Make the SSID inconspicuous
The service set identifier (SSID) is a basic WiFi network setting. Though it would appear unrelated to network security, a careful choice of SSID makes your WiFi network more difficult to invade. If you make it too simple, such as using the vendor’s default name, it becomes easy for a hacker to crack the personal mode of WPA or WPA2 security. Hackers use password-cracking dictionaries that store common and default SSIDs, which makes such networks a soft target.
Some network security experts suggest turning off SSID broadcast. We don’t think that delivers any tangible security benefits because hackers typically use tools that help them sniff and reveal hidden SSIDs. Also, hiding it means that users will need to enter the SSID manually every time. In addition, the frequent probe requests that result have a negative impact on WiFi performance.
Why give a reason to a hacker to attempt a hack on your WiFi network? Instead, use a nonobvious SSID.
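Why the SSID matters in personal mode, as an added example that is not part of the original article: WPA/WPA2-Personal derives the network key from the passphrase with the SSID as the salt, so a name shared with many other networks is exactly the kind that precomputed dictionaries cover. The generic names and vendor patterns below are a constructed sample, not a complete list.

```python
import hashlib
import re

# Constructed, illustrative list; a real audit would use a maintained one.
GENERIC_SSIDS = {"home", "wifi", "wireless", "guest", "office"}
VENDOR_DEFAULT = re.compile(
    r"^(linksys|netgear|dlink|d-link|tp-link|default)[-_ ]?[0-9a-f]{0,6}$", re.I
)

def wpa2_pmk(passphrase, ssid):
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1 with the SSID as the salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def audit_ssid(ssid):
    """Return reasons this SSID is likely covered by precomputed dictionaries."""
    findings = []
    if not 1 <= len(ssid.encode()) <= 32:
        findings.append("SSID must be 1 to 32 bytes")
    if ssid.lower() in GENERIC_SSIDS:
        findings.append("generic name shared by many networks")
    if VENDOR_DEFAULT.match(ssid):
        findings.append("looks like a vendor default name")
    return findings

if __name__ == "__main__":
    # Same passphrase, different SSID: the derived keys are unrelated, so work
    # precomputed for a common name is useless against a unique one.
    for ssid in ("linksys", "quiet-heron-41"):
        key = wpa2_pmk("constructed-passphrase", ssid)
        print(ssid, key.hex()[:16], audit_ssid(ssid))
```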
Physically secure access points
Access points are the backbone of a business WiFi network. However, these access points also increase the attack surface of the network. That’s because all access points have a physical reset button. Pressing it restores the default settings, and hence removes all the WiFi security layers.
To prevent this from happening to your business WiFi network, take these preventive steps:
- Mount your access points sufficiently out of reach of unauthorized and unprepared personnel.
- Ask the access point hardware vendor to provide lockable enclosures for the devices.
- Disable all unused Ethernet ports so that no unauthorized access points can be added to the network.
- Enable 802.1X authentication, wherein any device needs to provide login credentials to be able to use the network.
Preventing man-in-the-middle attacks
It’s possible for a hacker to first identify your business WiFi SSID and then to set up a bogus network using the same SSID. Then, by also setting up a fake RADIUS server, the hacker can extract the username and password of anybody who connects to the fake SSID.
You can, however, prevent such attacks by using 802.1X authentication with server verification enabled on the client side. Because of this, the client doesn’t pass on the entered login credentials to the RADIUS server unless it verifies that it’s communicating with the correct server.
More methods to secure a business WiFi network
Apart from the tactics discussed so far, here are some checks, tips, tricks, and methods you can rely upon to secure your business WiFi network.
Buy enterprise-grade WiFi routers that offer the latest security features. Invariably, these routers offer more configuration options for your network admins, better capacity management, support for multiple SSIDs, and integrated VPN.
We briefly talked about the need to secure your access point hardware; similarly, your routers must also be physically inaccessible for everyone apart from authorized personnel.
Automated firmware and software upgrades are your best bet to make sure that the WiFi network devices, as well as end-user devices, remain secure. Make sure your business’ IT security team is aware of the need to automate WiFi hardware’s firmware upgrades.
Unless you’re absolutely convinced that there’s no way around it, don’t enable the “Admin via wireless” option; that’s because with this option disabled, only someone who’s physically connected to the router via Ethernet cable can access admin features.
Set up a separate public access for your guests and visiting customers; this ensures that guests are separated from the sensitive data flowing on the network.
Consider using a VPN connection to secure your business WiFi; using it ensures that the Internet traffic on your network remains masked, which further ensures that hackers can’t detect it, even with your employees out in the field.
A good starting point
Your business WiFi network is always on the radar of evil geniuses or a gang of cybercriminals on the prowl. Or it could be a harmless neighbor looking for a free high-speed Internet fix. The WiFi security aspects covered in this guide are a good starting point for any company to make its network secure.