Best Practices for Small Business Wireless Security
Small business owners have a lot on their minds, but it seems that network security isn’t always one of them. An unsecured wireless network, as trivial as it may seem to some, can be costly on a growing business. Below we’ve taken note of what small business owners can do to ensure that unauthorized people can’t access private folders or steal sensitive data.
Encryption
Unfortunately, many people assume that wireless routers are secure by default. Not only is this assumption wrong, but it’s also dangerous. Small business owners should always make sure to enable encryption on their router. Failing to do so gives access to anyone to your wireless network. To prevent this, you’ll need to use a PSK mode of WPA or WPA2. By setting up an encryption password on connected devices while connecting. FOr employees, you should use the EAP mode of WPA security to prevent employees from seeing the encryption password. This is a precaution in the case that a company sanctioned laptop or mobile is stolen.
Limiting Access
In the modern workplace, shared folders make life easy by providing easy access to the relevant parties. That being said, you should always make sure that all shared resources on the network are secured by setting file and sharing permissions and determine which employees have access to which documents.
Physically Secure Wireless Gear
Sometimes wireless settings aren’t enough. You should make sure that your wireless equipment is well out of view and reach of all visitors. If your wireless router is in plain view, any unwanted guests could easily disable encryption settings. Additionally, you should make sure that any and all ethernet ports are out of reach of visitors, preferably behind desks, and that all unused ports are either removed or disconnect from the internet.
VLAN
For businesses with frequent guests, remember that you should never allow non-employees to access your private wireless network. Doing so could provide an opportunity for somebody to hijack some network accounts. If your business is looking to provide visitors with guest access, you should always remember to establish a virtual LAN with a separate SSID.
Address Filtering
While MAC address isn’t a major defense against a veteran hacker, it has the ability to deter the casual network snooper. With this approach, you identify the MAC addresses you wish to to allow network access. All other devices trying to access the network will be turned away, but it remains possible for someone to use a privileged MAC address and pass it off as their own. Again, don’t rely on this method as a serious defense against hackers, it should be regarded as a deterrent at best and an inconvenience at best.