Securing Small Business WiFi


As we've seen an increase in attacks against WiFi networks, we wanted to take a moment to share some advice for small businesses that currently use WiFi on their campuses.

Unlike physical networks, WiFi systems can extend beyond the walls of your office. Once the access password gets out into the world, it is very difficult to control who can reach your office network. Therefore, you need to consider implementing some changes and routines that protect you from unwanted guests.

You have two major security issues to deal with. The first is that you need to control who can actually get on your network. The second is the signal footprint. If people outside your office can pick up a signal from your router or wireless access point, they can also capture data, collect unencrypted credentials, and exploit vulnerable systems.

Following the suggestions below will greatly improve your security posture.

  • Change the default password.  Remove all default credentials as they can be used by unwanted guests and automated malware.
  • Limit access to the password. Don't feel obligated to provide WiFi to every business guest. Also, be mindful of departed employees who could be disgruntled. Business visitors shouldn't need to access your WiFi in order to get information off the internet for their work. Their employers should provide them with a data plan if their business model includes storing data in the cloud.
  • Change the password frequently. Make changing the wireless password part of your monthly routine, and change it whenever an employee departs the organization. This will limit access by unwanted guests.
  • Change the network name. Router manufacturers often put the brand name or model of the router in the SSID. An attacker can use the information that appears in the SSID to look up the default username and password for the router with little effort.
  • Don't broadcast the SSID. If you block your router from sending out its identifier, your business WiFi becomes a "hidden network".
  • Use strong encryption. Use WPA2, but additionally strengthen it by using AES.
  • Turn off WPS. WPS presents a weakness, because the code method is easy to crack.
  • Turn off Plug 'n Play (UPnP). UPnP is a key element in the creation of the Internet of Things. The absence of passwords on most devices, or manufacturers using the same password for all devices, makes these devices a security vulnerability.
  • Disable Remote Management. It may look enticing to have the ability to remotely manage your network, but it also leaves a path for attackers to use.
  • Update all firmware and keep it up-to-date. Vulnerabilities are released nearly daily for routers and wireless access points. Make certain that automatic updating is enabled on your devices. If it is not available, make it a point to check for updates routinely.
  • Use the firewall.  If your wireless network components provide a firewall, use it.
  • Check for unintended open ports. Some manufacturers leave ports open for management purposes. Understand the risk and make a qualified decision. If you are uncertain, reach out to Critical Path Security.
  • Reduce signal coverage.  Proper placement of wireless components could make it possible to tune the router and access point to prevent broadcasting outside of your office environment.
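
Several of the settings above (network name, SSID broadcast, WPA2 with AES, WPS) can be checked mechanically. The following is an added example, not part of the original advisory: it assumes the access point exposes its settings in hostapd.conf format, as many Linux-based access points do, and the vendor-name list and both configuration fragments are constructed for illustration.

```python
# Added example: audit a hostapd-style config against the checklist above.
# Vendor hints and both sample configs are constructed for illustration.
VENDOR_HINTS = ("linksys", "netgear", "tp-link", "d-link", "asus", "belkin")
WEAK_CONF = """ssid=NETGEAR-5G
wpa=3
wpa_pairwise=TKIP CCMP
wps_state=2
ignore_broadcast_ssid=0
"""
HARDENED_CONF = """ssid=office-7f3a
wpa=2
rsn_pairwise=CCMP
wps_state=0
ignore_broadcast_ssid=1
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return the checklist items this config fails."""
    conf = parse_conf(text)
    findings = []
    if any(v in conf.get("ssid", "").lower() for v in VENDOR_HINTS):
        findings.append("SSID reveals router brand or model")
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is broadcast")
    if conf.get("wpa", "0") != "2":  # 1 = WPA, 2 = WPA2, 3 = both
        findings.append("WPA2-only mode is not enforced")
    # Require an explicit AES (CCMP)-only cipher list; TKIP or unset is flagged.
    ciphers = {c for k in ("wpa_pairwise", "rsn_pairwise") for c in conf.get(k, "").split()}
    if ciphers != {"CCMP"}:
        findings.append("pairwise cipher is not AES (CCMP) only")
    if conf.get("wps_state", "0") != "0":  # 0 = WPS disabled
        findings.append("WPS is enabled")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text) or "no findings")
```

Running it on a copy of the exported configuration after each firmware update shows whether an update has reset any of these settings.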

These steps won't remove all risk, but they will greatly improve your security posture.

As always, reach out to Critical Path Security should you have any questions or concerns.
