Skip to content

TeleDynamics Think Tank

Wi-Fi network security: Do you have a blind spot?

Posted by Daniel Noworatzky on Aug 3, 2016 2:54:00 PM

Wi-Fi network security tips by TeleDynamics 

Some businesses do a good job of securing their data network (local area network or LAN) but forget to secure their wireless network. Despite all the pains they took to secure their LANs, their network is as vulnerable to entry as a locked car with the windows rolled down. Wi-Fi network security is a common blind spot, especially for small businesses. Here we look at some basic steps companies can take to lock down their Wi-Fi networks.

  1. Physical security: It is very easy to disrupt a wireless network simply by shifting the direction of the antennas on a wireless access point (WAP), or otherwise interfering with the radio frequency signals. This type of disruption is impossible to identify remotely and can even be difficult to detect with a visual inspection. Keep the wireless access points out of reach and appropriately hidden or in a locked enclosure. Also, if your company has Ethernet ports embedded into the walls, make sure they are inaccessible to visitors or unauthorized persons, or are disconnected from the enterprise network.

  2. WPA2 encryption: WPA2 encryption is the latest generation of Wi-Fi encryption and also the most secure today. Devices with a “Wi-Fi” logo manufactured after 2006 must support this encryption. If there are any older, incompatible devices on the network, connect them directly to the LAN via an Ethernet port. WEP and WSA may also be offered as security options by your WAP, but these are notoriously vulnerable to intrusion, so steer clear of them.

    Wi-Fi security - by TeleDynamics
  3. Secure passwords: As simple as this is, many companies are still using easily guessed passwords for their routers and access points. Secure password guidelines are just an Internet search away. In any case, use long passphrases with mixed-case letters and numbers, and don’t use any words that are included in a dictionary from any language. Remember, too, that the entire network can be accessed from any connected device, so be sure to train employees on how to create safe passwords for their own endpoints.

  4. Guest Wi-Fi network: Only allow authorized users to connect to your enterprise network. Set up a separate network for visitors and guests. Some enterprise WAPs allow you to offer two separate network names (SSIDs) on the same Internet connection. Otherwise, you will need to add an additional router or access point. For more solid security, you could enable separate encryption for the guest network.

  5. VPN: When remote or traveling users access your network, a VPN (virtual private network) will make sure your LAN is not exposed to the Internet, keeping employees’ online activity behind your firewall. It will also keep outsiders from spying on your employees’ Internet browsing activity. Without going through a VPN, company information and files on employees’ computers or smart phones can easily be accessed if they connect to an unsecured Wi-Fi network. Malware installed on these devices could then infect the enterprise network once they are reconnected to the LAN.

    If users do find themselves in need of connecting devices to an unsecured (open or unencrypted) network because no secure networks are available in their current location, here are some basic precautions they can take to help mitigate the risk of a data breach:
      1. Avoid performing sensitive tasks, especially ones that require inputting a company password, while connected to the unsecured network
      2. Use strong passwords
      3. Make sure the connected device is equipped with antivirus software
      4. Only enter passwords or personal information on websites that provide an encrypted connection (i.e., those whose URL starts with https://)
      5. Keep devices updated and only update them using a secure Internet connection
      6. “Forget” the network in the device Wi-Fi settings once disconnected

CONCLUSION

While no network is 100% safe, taking some basic precautions and putting appropriate policies in place to secure your company’s wireless network can mitigate the most prevalent risks and go a long way towards protecting your valuable data.



You may also like:

For a safe new year, you need more than a firewall

Is your SIP phone system safe?

Five reasons you should add an SBC to your IP network

 

Topics: VoWi-Fi, Business Telephone System, Network Security

Comments

Welcome to our Think Tank

In this blog you'll read our thoughts on business telephone systems. While a lot has changed in telecom since TeleDynamics was founded in 1981, we remain as committed as ever to delivering the best customer service in the industry.

If you would like elaboration on a specific topic, please let us know in the comments section.

Happy reading and thanks for stopping by!

Receive New Articles by Email

BiBA-2017-silver-midres
Easy template for creating a network security policy
New call-to-action
New call-to-action