How to Secure Your Office Wi-Fi
In the third quarter of 2012, businesses and organizations the world had to fend off a whopping 981 million hack attempts. By all estimates, this number has easily breached the billion-dollar mark per quarter by now.
A number of these hack attempts were effected through unsecure office Wi-Fi networks. At a time when businesses are losing billions of dollars every year to hackers, it is crucial that you take every measure to secure your office Wi-Fi.
Below are some common measures you can take to enhance your Wi-Fi security:
1. Use a Strong Wi-Fi Password
The first step in securing the office Wi-Fi is to choose a strong password. Yes, it may sound basic, but you'll be surprised to know that a small, but significant portion of Wi-Fi users leave their connection unsecured (6%) or use the default login credentials (11. This means that anyone can log in to your Wi-Fi network and leech not just your bandwidth, but also use it to hack into your office network.
2. Change the Router Admin Log-in Credentials
Every Wi-Fi router has an admin panel where you can change settings, block sites, setup firewall rules, access logs, set up the Wireless Area Network (WAN) and upgrade the firmware. For most routers, you can access this admin area by entering the router IP address in your browser (usually 192.168.0.1/192.168.1.1).
The default login credentials for this page are 'admin' (for username) and 'password' (for password). Since most people seldom change these login credentials, anyone with access to your Wi-Fi network can easily login to the router admin area and change the settings, putting your entire network at risk.
Hence, the second step in securing your office Wi-Fi is to change the router password to something more secure than the default credentials. You can do this in the admin panel itself, usually under the 'Set Password' heading.
3. Enable WPA or WPA2 Encryption
Wi-Fi passwords are notoriously easy to crack. This is why experts recommend that you complement the password with WPA or WPA2 encryption (WEP - another popular protocol - is no longer considered secure enough). Once you activate WPA encryption, anyone wanting to access your network will need a passkey in addition to the Wi-Fi password. Make sure that this passkey is difficult to crack (and different from the Wi-Fi password). All network traffic will be completely unreadable to anyone who does not have the right passkey.
4. Use a Generic Wi-Fi SSID
The Wi-Fi SSID (Service Set Identifier) is the name used to identify your wireless connection. You see this name on your computer's wireless connections page. Most people name their Wi-Fi connection something easy to remember and identify. More often than not, this includes some personal information, such as the company name, address, or a personal favorite quote/band/movie, etc.
While this might make the Wi-Fi easy to identify for you and your colleagues, it also makes it very easy for hackers to pinpoint your Wi-Fi and trace it back to your company. This is why experts recommend that you use a generic name like "Connection 1" instead of an easily identifiable SSID like "XYZ Company Wi-Fi".
You can change the SSID in the router admin panel, right where you changed the router password.
5. Limit Device Access
Every device with wireless networking capabilities has a unique identifier called 'MAC' address (Media Access Control address). This is usually in the form of six pairs of numbers and letters like "86: 8B: 24: 25: 00: BE". On a Windows computer, you can find the MAC address under the heading 'Physical Address' on your connection's properties page.
If you know what all devices will access your office Wi-Fi, you can use the router admin panel to limit Wi-Fi access to only those selected devices. Any device with a MAC address not listed in the approved list will not be able to connect to the network. Since the MAC address is very difficult to change, this can make your office Wi-Fi extremely secure.
6. Disable Unnecessary Functions
Most new wireless routers ship with features that allow remote access to the router admin panel, connected computers, etc. For a majority of users, these features are rather superfluous and only serve to undermine your network security. Unless you have a specific need for these features, it is best to disable them, lest an enterprising hacker use them to remotely access the router.
7. Set up a Router Firewall
As any computer security expert will tell you, the firewall is your first line of defense against a threat. While you can set up a firewall on your computer, it is also very beneficial to set up a firewall in the router itself. Most modern routers ship with built-in firewalls that can block or allow certain types of traffic. Use this feature to block potentially malicious websites and allow only trusted sources to pass through.
For most purposes, these seven steps should be enough to keep your office Wi-Fi secure. For additional security, you can use enhanced encryption via WPA-Enterprise mode, hide your Wi-Fi SSID, etc. At the same time, make sure that the router and associated equipment is kept in a safe environment where only trusted people can physically access it.