8 Steps to Safer WiFi

WiFi logo

We all use WiFi networks for our computers, tablets and phones. As a business owner you can tailor your WiFi access point to decrease the risk that someone uses this as an entry point your office network. Here are eight things that can help:

  1. Change the default passwords on your router. These are published by every manufacturer and available to anyone that used the Internet. If you have a Century Link Internet connect the device comes with a unique password that is printed on the bottom of the router. Strong passwords are at least fourteen characters long using all four symbol types in the phrase.
  2. Encrypt all wireless communication with WAP2 encryption. WAP2 encryption is only as good as the password that you use to protect access to your WiFi network. Using your business name or dictionary words in the password is a very poor idea.  So you now have a second fourteen character or more password to make critical changes to your business network.  Us a password manager that has an option to share this information with other people.  You don’t need the receptionist calling everyone he or she can find to get the password for a visitor.
  3. Setup a Guest WiFi network for visitor access. No visitor should be able to snoop on your network.  The Guest network is isolated from the employee network.  A visitor has Internet access, but not access to your internal information.
  4. A hidden local office WiFi network for all of the company owned equipment for your internal use is necessary.  You can also segment the WiFi network by departments.  Sales does not need to be in the Engineering network and the Engineers do not need access to sales to all of the company’s sales leads.  Setup a separate WiFi network for the portable devices.  This is the phones, tablets and video camera network.  The business should monitor what information leaks out from these devices also.
  5. Disable the broadcast of the office WiFi name. This is only necessary if you have customers or clients using a WiFi network to entice them to come to your business. Broadcasting the name is a good idea for hotels, restaurants and guest wireless networks. You can connect all of your business devices to the wireless network by typing in the name and the password. If you don’t everyone with a smart phone will know the name of your internal WiFi network.
  6. Turn off your WiFi network when your business is closed. If you are not open at 2 AM in the morning don’t allow a connection to your WiFi. Most routers have a time of day restrictions. If they do not you maybe able to use one of the alternative operating systems for commercial routers to restrict time of day access.
  7. Disable WPS, WiFi Protected Setup, on your router. This feature was compromised in 2012. US HomeLand security recommends that this feature be disabled. If you have Century Link as your Internet provider WiFi Protected Setup is turned on in your router. Century Link has about 7 million routers with this feature enabled.
  8. Add the media access control number on all of your wireless devices on your internal WiFi to your MAC filter in your router.  Each device has a unique hardware address. The MAC filter allows only devices with the selected numbers to access your private office network.

These steps help protect your business or home network.  When you are away from the office using a “free” WiFi connection check this post from Bill Hess. He offers great recommendations to keep you out of trouble when you are working out of the office.

Sources:

FCC Guides

Cyberoam Best Practices

WiFi Alliance