After the FBI issued a warning in May for all small business owners to reboot their routers after a malicious hacking campaign, we thought it good to revisit some easy WiFI security steps.
WiFi is an essential business marketing tool for most organizations and has become an expectation from customers. It's important to set it up for best bandwidth and security. Unfortunately, many businesses lack the necessary skills needed to secure their WiFi and network from cyber thieves.
WiFi attacks are easy to deploy and most of these hackers can gain access to your valuable company data and customer information in under 3 minutes.
Cybersecurity in all aspects of your business, no matter your size, is quickly becoming a must have skill for success. Securing your WIFI is an often overlooked vulnerability that you can fix.
Follow these 10 steps today to make your network and business information safer.
1. MAKE SURE YOUR ROUTER IS PHYSICALLY SECURED
It's important to ensure that only authorized personnel can access your Wifi router. A would-be hacker who gains access can easily hit the reset button on your router and potentially gain access to it and other parts of your network.
Lock it in an office or a secure closet and make sure that only authorized personnel have the key.
2. Change the Default PASSWORD FOR YOUR ROUTER
Before all of this cyber hacking became as predominant as it is, most people never changed the default password and login that came with the router. These default usernames and passwords for various routers can be found easily on the internet. Changing the default is something you definitely want to do and change frequently. Make sure it's a strong password.
The best passwords or passphrases are at least 15 characters long, with a mix of letters, numbers, and special characters. This goes double for the admin username and password that you need to log into the router in order to set the password.
Make sure you save the username and password in a safe place.
3. Change the Network SSID Name
When you go to connect to a wireless network you are looking for the service set identifier (SSID) which is the name that’s broadcast from your Wi-Fi to the outside world so people can find the network.
Yes you want customers and employees to find your network, but you don't want to let everyone know what make and model of router you’re running. The default SSID name out of the box often will identify it by using “Linksys,” or “Netgear3060,” which is like giving a hacker the manual on how to best access your network.
4. Update Your Firmware and Software
Hackers love when you fail to see if there are any software updates for your WiFi router. These patches are usually a fix to security and not updating your firmware is like a special invitation for hackers.
A recent bulletin by the FBI was about a vulnerability in routers and if you changed your password and kept your firmware up to date, you probably wouldn't have been affected.
5. Use WPA2 instead of wep
This stuff is more like mumbo jumbo if you are not a security geek. In simple terms, this is the way to ensure the data that you are transmitting and getting is encrypted. WEP or "Wired Equivalent Privacy" is older and much more hackable. WPA or WiFi Protected Access is a much better encryption protocol. If your router doesn't have it, we suggest investing in a newer, more secure router.
6. use a business grade Firewall
A firewall is a must have security feature for any business operating in this modern day cyber hacker world. You will want a firewall that can make sure your own software doesn't send stuff out over the internet without your permission or can detect issues or even websites with malicious intent.
We highly recommend Watchguard firewalls. They are smart and aimed specifically at giving small to medium sized businesses enterprise grade security without costing a fortune. We can get you one and configure it for you.
7. Set Up SEPARATE Private AND Public Access
Your WiFi should have separate access for the public and your employees, so you don't give unintended access of your internal business computers and networks to a hacker. You will want to create two different Service Set Identifier's (SSID) with 2 separate points of access to your network. One should be a business-grade secure access point for your employees, and a public one for customers.
8. KNOW ALL OF YOUR ACCESS POINTS
Sometimes someone sets up an unknown access point to your network. These are often created by an employee who might have a bad network connection in their office. These access points are usually not configured for security and open up some vulnerabilities.
You should occasionally do access point scanning if you have a large office or network.
9. Turn Off WPS
Unless you need it for something specific, you should turn off Wi-Fi Protected Setup, or WPS. It's designed to make pairing a device with your encrypted network, push button easy.
The problem is that it can open the door for someone with criminal intent.
10. beware of DHCP
The internet of things (IoT) means that more devices are looking for a wireless connection in order to work. DHCP or Dynamic Host Configuration Protocol is where the internet addresses these devices use get assigned.
While diabling DHCP might be inconvienient, the safest thing to do is shut it down and manually assign an internet address to each of the devices.
WHAT STEPS CAN YOU TAKE RIGHT NOW?
I am hoping that the days where you feel like you don't have any information worth stealing are over. These cyber criminals prey on that belief and have collected millions of dollars from businesses just like yours.
No one wants to be an easy target. Before you get held up with ransomware, you might want to take these simple precautions to ensure that your WiFi is secure.
- Physically secure your router and devices.
- Change the default configurations and passwords on your router.
- Set up separate public and private networks.
- Take advantage of new firmware and firewall software.
- Contact Restech for a professional evaluation of your WiFi security