The increase in popularity of wireless networks for small and midsized businesses is due largely in part to the ease and convenience of their use. But, if they’re not properly secured, they can become a hacker’s playground.
Here’s our tips and recommendations for securing your wireless networks.
1. Strong Password for your wireless router admin account
Just about all wireless routers ship with a default password for the administrator account. You need to change the default admin password to a strong, minimum 8 character password. Include uppercase letters and numbers. If possible add in special characters like dollar signs or percent signs. And don’t make it a dictionary style password either, such as P@$$w0rD. Too easy to hack.
2. Change Your SSID
The name you give your wireless network is called a service set identifier (SSID). Again, wireless routers often ship with a default SSID. If a hacker sees yours still set as default, it’s a flag your wireless network is not properly configured. Change your SSID to a unique name.
3. Enable the router’s Firewall
If your wireless router has a built-in firewall, it might be turned off. If you’re familiar with these firewalls, turn it on and check its settings. If you’re not confident with firewalls, call us at intellect IT for more help.
4. Enable Encryption such as WPA2.
Every wireless router offers encryption which scrambles your data as it’s being transferred, and unscrambles it only to the intended recipient. Common encryption protocols are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and Wi-Fi Protected Access 2 (WPA2). WPA2 is best because it’s the hardest to crack. If your router is an old one then use WPA. If it’s so old it only has WEP, replace it now because your wireless network is far too easy to hack.
5. Disable WPS on low end Consumer-Grade Router’s
Too many businesses choose cheap consumer-grade wireless routers that have Wi-Fi Protected Setup (WPS). It’s a user-friendly front-end for encryption protocols such as WPA2, allowing you to connect a device to a network with the push of a button or by entering a pin number. Hackers exploit WPS vulnerabilities to gain access to your networks so if your wireless router supports WPS, disable it.
6. Turn off Remote Management Feature
Some wireless routers allow you to manage them from a remote location. But this leaves a door open making them vulnerable to attacks. Unless you have a very strong business case for wanting to remotely manage your router, turn this feature off.
7. Disable Wi-Fi Sense on Windows 10 Devices
Windows 10 and Windows 10 Mobile include a feature called Wi-Fi Sense. It helps users to find Wi-Fi hotspots, or share their Wi-Fi networks. But that sharing can be done with contacts from Facebook, Skype, and Outlook.com. One big security issue is you can’t specify individuals, the network is shared with all the contacts in that group. Would you want your users to share your business’s wireless network?
8. Use MAC Address Filtering
Each device has a unique identifier known as a Media Access Control (MAC) address. A good router will have a feature that allows only specified MAC addresses to connect to a wireless network. This takes a bit more time and effort to manage, but gives you a lot more control and security. Only devices with a MAC address in your allowed list will ever be able to connect.
9. Update the Router’s Firmware, often.
Firmware is software that gives a router its functionality. Like any software, firmware can have bugs or vulnerabilities that need patching. Keep yours up to date to make your router and your wireless networks as secure as possible.
10. Log Out of any web-based Interface
Most wireless routers have a browser-based user interface used for configuration. Never stay logged in, when you’re done accessing the router, log off. And never check any box that says “always remember” your username or password.
11. Protect the devices on your network
No matter what lengths you go to, to secure your wireless network, it’s only as secure as the devices on it. Always ensure as best as possible that any device connecting to your business network is protected, updated, and free of malware viruses or spyware.