How safe is your Business WiFi ?

As a business owner, you want to provide the best possible facilities to those working at and visiting your premises, whether you disagree with any use of personal devices at work, or are an evangelist for Bring Your Own Device (BYOD) within your workplace, security should be paramount in the technical requirements for your business.

We have seen some installations recently where the WiFi in the building is freely used by the visiting public and is connected to the same network as the business computers and equipment with no separation at all and a simple group of computers that have no passwords …

The potential result of such a configuration is that anyone who sets their mind to access your information and data can and will do so, the ability of smartphones to access information on other machines makes such things child’s play (literally in some cases), and should be stopped immediately.

If you consider that every Pub, Club, Hotel, Guest House, Garage, corner shop or café is expected to provide WiFi so that their clients can keep in touch with the world at a moments notice, the fastest way to do this is just give them the SSID and Password for your router provided by your Broadband provider.

There is very little “out of the box” security enabled for this type of requirement but checking some basics can help.

Basic Check:

If you login to your router, there will probably be a section called WiFi where you can setup things like the SSID and Password ( you can make your SSID your business name or anything else to promote that it is yours ), in this section, or under security, you could see a setting for  Wireless Separation or Wireless Isolation or Client Isolation ( or similar ) that will allow your users only access out to the internet, they will not be able to see other devices on the network so they are restricted in their access and use.

More Advanced Options:

Some routers have a Guest Function, or Guest Zone ( again people call this a lot of things ), but this will do a similar job but usually is a bit more involved to setup.

Whilst you are looking:

Change the default wireless password to something else, and then make a note in your diary to change it again at a suitable date in the future. If you don’t do this, then often the router has this written on the bottom or on a card and with it the Admin Password to get into the settings, change both of these otherwise a hawk-eyed, or camera assisted person can get these and make their own changes.

As a small aside but to reiterate the point, I went to a friends house and they weren’t in, I called them and they said they would be back in about 30 minutes so I decided to wait, their router is in their porch window and has its back to the window, the SSID and Password are right there in front of me, I must stress that these are very good friends but it was a new router and I didn’t have the credentials, but I just read them and I was connected. Note that I did tell them when they got back and got them to cover up the details!

What’s the best option:

The best option by far is to run two separate Virtual Lans or VLANS, with different SSID and Passwords that operate completely independantly. This can be a lot more complex to setup but when it is done correctly you will be in the best position to protect your business and data from unauthorised access.

If you would like more information on any of the above points, why not give us a call – 01948 820787 – happy to help.

No Comments

Post A Comment