Wireless is increasingly becoming the new wired in business. This is handy but also dangerous because the Wi-Fi network is the Achilles heel of the cybersecurity system for many SMEs. How can you ensure that your workplace WiFi is safe? Here are a few tips:
Are you not doing anything as a company to secure your WiFi? Then you run a relatively high risk of company, customer and personnel data falling into the wrong hands, employees being diverted to malicious websites and devices being infected with malware. Fortunately, with the following seven – relatively easy to implement – tips, you can greatly improve the security of your wireless network in the office.
Table of Contents
Tip 1: Change the factory password of your router and access point
It is by no means an original tip, but it is an incredibly important one. In many cases, factory passwords are a breeze for hackers. The password on the back of the device may look complex and therefore secure. However, it may be based on the MAC address of the device, making it easy to crack.
Tip 2: Do not forget the management password of your access point
While you’re working on passwords, change the management password of your access point right away. That is the password with which you log in to the management page of the device. Hackers post lists of default passwords and login names on the internet, so change this information as soon as possible.
Tip 3: WPA2 is the norm (but WPA3 is coming)
The most widely used security standard for Wi-Fi is currently WPA2, which has been around since 2004. Yet there are still companies that use the completely insecure predecessors WEP and WPA. WPA2 uses much better authentication and encryption (namely CCMP, which is based on AES). In 2017, however, a serious vulnerability KRACK (Key Reinstallation Attack) was discovered, which shows that WPA2 security can be circumvented. The latest standard WPA3, which is now gradually being embraced by the market and automatically supported in Wi-Fi 6, fixes KRACK and a few other vulnerabilities.
This means that if any of your company’s devices still use outdated encryption standards such as WEP or WPA, you should dispose of them, purchase newer wireless routers or access points and set up WPA2 encryption on them.
Tip 4: Add MAC addresses to your router
Every device that is connected to the internet has a MAC address. With routers, you can add these unique identification numbers for all devices that are welcome in the company network. As a result, the devices that have not been added cannot access the wireless network. This solution is not completely foolproof, as malicious users can spoof a MAC address.
On the other hand, it can be a handy way to ensure that employees with their personal – and therefore usually less secure – devices go on the guest network (or another non-business-critical network), instead of the main network.
Tip 5: Set up a guest network
A guest network is a separate wireless network that is disconnected from the corporate network. Guests (or employees who use a personal device) can access the Internet, but not, for example, files and printers on the company network. You can set up a guest network on some routers, and you can easily arrange this via Multiservice WiFi from KPN.