When setting up a wireless network for your small business, it can be all too tempting to leave any security functions switched off. It may seem at the time that getting work done is much more important than worrying about a threat that probably won't ever materialise.
But small businesses, like all others, need to make sure their networks are secure. After all, your customers are counting on you to keep their confidential data safe.
The thing to realise is that your wireless network doesn't only extend within your premises. Wireless technologies provide long-range connectivity that cannot be restricted to the office, which means that anyone within range of an unsecured network can gain access.
- Whatever solution you choose, you will need a VPN to complement it. Why not read our best VPN services roundup and pick up your best.
This threatens more than just allowing others to use the internet for free. It could make you vulnerable to a breach of privacy, as hackers could monitor and intercept the open packets of data whizzing between devices and the router. Passwords, financial records, customer information and private data are all fair game to the criminal.
In addition, others may use your open wireless to access the internet for illegal activity. Should this happen you could find yourself involved in legal action, so it's well worth taking the necessary steps to ensure your network is reasonably secure. So here's what you can do.
Possibly the most important measure you can take to protect your network is to use encryption. Virtually all routers and wireless devices offer some form of encryption, which scrambles the data transmitted to and from your router, making your network's information unreadable to outsiders.
Encrypting a network involves creating a password or passphrase that is difficult to guess. But note here that, while there are different forms of encryption available to wireless networks, not all of them are secure.
The most basic and oldest form of wireless encryption to be commonly used is WEP (Wired Equivalency Privacy), which utilises passwords using 10 to 58 digits using 0 to 9 and A to Z.
It is no longer considered secure and can be cracked in minutes by hackers using off-the-shelf hardware and software, but some older systems still only support WEP. If you have such a device, you may need to consider ditching it in favour of something else or lowering the level of security on the network.
While WEP should not be used to secure a network, it's still worth remembering that any encryption will provide more protection than none at all.
WPA and WPA2
Developed to overcome the weaknesses in WEP, WPA and WPA2 (Wi-Fi Protected Access) are the encryption modes now most widely used in wireless networks.
They use both passwords and passphrases to secure networks. A password is one group of letters, numbers and characters without spaces; a passphrase is a string of grouped characters that includes spaces, such as "Th1S 1S a p@ssphr4s£". A passphrase is much harder to guess and break than a simple password.
Use a firewall
Hardware firewalls provide the first line of defence against attacks coming from outside of the network, and most routers have firewalls built into them, which check data coming into and going out and block any suspicious activity. The devices are usually set with reasonable defaults that ensure they do a decent job.
Most firewalls use packet filtering, which looks at the header of a packet to figure out its source and destination addresses. This information is compared to a set of predefined and/or user-created rules that govern whether the packet is legitimate or not, and thus whether it's to be allowed in or discarded.
Software firewalls usually run on the endpoint desktop or laptop, with the advantage of providing a better idea what network traffic is passing through the device. More than just which ports are being used and where data is going, it will know which applications are being used and can allow or block that program's ability to send and receive data.
If the software firewall isn't sure about a particular program it can ask the user what it should do before it blocks or allows traffic.
Change the router's access name and password
It is all too easy to set up any equipment with its default settings, especially as the default admin name and password are often printed on the router itself to allow quick access and setup. This means that hackers will try these to access your network. Changing both access name and password will make it more difficult for a criminal to gain access.
Change the default network ID
Virtually all routers come with a default network ID supplied by the manufacturer. This can provide hackers with a little clue to the identity of the router and so helps them find weak spots more easily. Changing this usually means going to the router's security settings and amending the name there. Always keep a note of what the network ID is, and put that somewhere safe.
Stop your router broadcasting its network ID
When switched on, the wireless router will broadcast its network ID (or SSID). While this is useful in enabling connections between devices, once they are connected you can turn off the broadcast so the router operates in more of a stealth mode.
Enable MAC authentication for your users
You can limit who accesses your wireless network even further by only allowing certain devices to connect to it and barring the rest. Each wireless device will have a unique serial number known as a MAC address, and MAC authentication only allows access to the network from a set of addresses defined by the administrator. This prevents unauthorised devices from accessing network resources.
Create a separate wireless network for your customers.
The wireless network used by your employees should be used by them alone. If you have customers or contractors that need wireless access as well, you should consider creating a guest network. Most business-class routers allow you to do this, and it prevents outsiders from accessing your internal network assets while still allowing them connect to the internet. This virtual local area network enables employees and guests to have access while protecting your network from snoopers.