What Your Company Should be Doing to Stay Secure?
Most internet users today share a common burden: managing the passwords for various email accounts, online portals, and social media profiles. However, for business owners, managing passwords is a whole different ballgame. They have to keep track of employee account passwords, email passwords, software program passwords and most importantly, company Wi-Fi controls.
Unfortunately, Wi-Fi passwords often get put on the back burner and are assumed to not be very important in the grand scheme of business responsibilities. However, neglecting Wi-Fi password management in the business setting can leave companies open to massive cybersecurity risks that threaten their livelihood and continuity.
Back to Basics: What is a Wi-Fi Network Password?
A common misconception is that wireless network passwords only involve internet access. In reality, much more than web access is at stake when it comes to wireless network passwords. Wireless broadband routers allow administrators to manage their company networks through a specified account. Anyone who knows this account username and password can log in to the router, which gives them complete access to the router’s features and information about connected devices.
Most manufacturers set up all routers with the same default username and password. The username is often something straightforward like “admin” or “administrator.” The password field follows suit using simple defaults like “password” or “public”. However, users are given the option to personalize and change router passwords from the default settings to customize and better secure networks.
What are the Risks? How Weak Wi-Fi Security Leaves Business Networks Exposed to Risk
It’s incredibly important for business owners to change default passwords when setting up a new router. The default passwords and usernames for leading market routers are well known among hackers and cybercriminals. In fact, this info is often posted publicly on the internet for anyone to find.
If default passwords are left untouched, anyone who comes within signal range of a company’s Wi-Fi router can attempt to log in. If they make it inside, they can change passwords and settings, wreak havoc, shut down the router and hijack the entire company network. While there are limits on a Wi-Fi routers signal reach, in many cases it extends outside the office to surrounding buildings and homes at the very least.
Strategic Protection: How to Better Secure Your Company Wi-Fi Network in Uncertain Times
To avoid the risks outlined above, business owners should have clear and explicit Wi-Fi password SOP’s in place. Implementing hardline policies for managing Wi-Fi security is the best way for business owners to keep company networks on lockdown and safe from invasion.
Here are some strategic considerations to keep in mind when developing Wi-Fi security policies:
- Change default passwords immediately upon install
As mentioned, changing default passwords immediately is critical. To do this, administrators can log into the router’s console with the current password to then set a new, strategic password. Administrators should change the username as well if the router offers this capability.
Also, note that changing the default password to a weak one like “123456” or “password1” does not help. Choose a strong and strategic password that hasn’t been recently used and is difficult to guess.
- Schedule regular password change dates
To maintain network security for the long-term, implement a change of the administrative password periodically. In fact, experts recommend changing Wi-Fi passwords every 30 to 90 days.
Planning password changes on a set schedule help make it a standard practice in your office. It’s also a good standard practice for managing passwords in other areas like email and other online accounts.
- Be Smart with Storage of Passwords and Password Policies
Whatever you do, don’t undermine your efforts to stay secure by storing password policies and login info inconspicuous or easily-accessible places. For this kind of information, it’s probably best to develop and on-paper, hard-copy approach to storage. Storing this information on the company network leaves all of it exposed to potential risk or loss.
Office managers or administrators should have a designated place where a binder of Wi-Fi password information can be kept. The binder should contain password change policies, including dates of previous and upcoming password changes. Additionally, keep a record of recently used passwords as well as a designated section for the current one. This avoids reusing passwords and creates a master log where forgetful employees can look up Wi-Fi security info as needed.
Open Door Policies: Setting up a Secure Guest Wi-Fi Profile to Share Web Access with Customers & Visitors
Another key consideration that business owners need to make in their efforts to manage Wi-Fi security is network use by customers and guests. It’s become second nature for consumers and professionals to assume they can access Wi-Fi while visiting business institutions of all kinds. Providing business visitors and customers with access to the Internet brings many benefits, but if you are going to open your network to guests, security cannot be an afterthought.
Businesses who do not properly manage guest Wi-Fi leave themselves exposed to considerable risk. Visitors on the network could engage in morally or ethically questionable activities on your company network. They may accidentally or deliberately install malware or ransomware, or visit phishing websites. Securing guest Wi-Fi for business visitors will protect visitors and your network, prevent man-in-the-middle attacks, malware downloads and block phishing attacks. Secure guest Wi-Fi also keeps businesses protected from any kind of legal liability.
Here are some tips for creating secure Guest Wi-Fi profiles:
- Implement Network Segregation
Segregating your network is important for two reasons. First, it ensures that visitors will not be able to gain access to parts of the network used by your employees. Your internal network must be totally separate from the network used by customers and guests. It should not be possible for guests to see your network assets, confidential files, and company resources.
Secondly, in the event of a malware infection due to guest web access, network segregation ensures the attack will not spread from the guest network to your internal network. Businesses should implement a network firewall or create a separate VLAN for guest use and use a software firewall to protect servers and workstations from guest network traffic.
We’ve said it once and we’ll say it again. Changing default passwords and usernames is one of the most basic security practices. However, it’s often the one that’s most commonly forgotten. There are countless reports of data breaches that have occurred because of the failure to change default passwords.
It is also a good idea to change your SSID for your Wi-Fi network. The SSID should reflect the name of your business and it should be quite clear to your customers which is network is yours. Failure to do this makes it easier than ever for hackers and criminals to set up rogue access points and launch man-in-the-middle attacks.
- Stay on Top of Firmware Updates
Like all tech updates, firmware updates are issued for a reason. They patch vulnerabilities that are easily exploited by cybercriminals to gain access to business networks and devices.
If these vulnerabilities are exploited, your business network can be hijacked by malicious individuals. Businesses should have policies in place that require firmware updates to be installed regularly and promptly, with checks performed monthly.
- Encrypt Company Wi-Fi Network Signals
You want to make it as easy as possible for your guest Wi-Fi network to be accessed by your customers and visitors. However, be sure you don’t make it too easy for hackers to spy on individuals connected to your company network.
Encrypt your wireless network with WPA2 encryption. You can then post the SSID and password strategically to make it as easy as possible for legitimate guest users to access the network.
Managing and securing guest Wi-Fi also involves implementing and managing controls over the content that can be accessed on your Wi-Fi network. Content filtering is a must for any business offering guest Wi-Fi capabilities. Access to any kind of adult content should be blocked, including: pornography, gambling sites and other web content that is ethically or morally questionable.
Content filtering solutions will also protect your customers from accidental malware and ransomware downloads while blocking phishing websites. Consider using a cloud-based web content filter as they require no additional hardware purchases and allow for remote monitoring.
Increased internet access is without a doubt making life easier for businesses and consumers alike. Access to the information highway is great, but businesses especially need to be aware of the threats posed by anytime, anywhere Wi-Fi access. Keeping business networks dynamically secure with strategic passwords should be at the top of the priority list for any modern business.
Protecting your company’s continuity means protecting your company network. Phoenix Technologies has helped countless businesses implement security strategies that keep Wi-Fi networks dynamic and secure.