This month our blog is dedicated to all things Cyber Security, to mark ‘European Cyber Security Month’. We want to share our knowledge and experience, to help promote better cyber security awareness within the local business community!

You can find out more about European Cyber Security Month by clicking here.

Wi-Fi: the unknown threat

Wi-Fi is everywhere and as consumers we now expect it to be. This has spilled over into business environments where the need and convenience of a business Wi-Fi network make it an essential service for most organisations these days.

The increasing trend towards flexible and remote working, also now means that employees can be working anywhere using Wi-Fi within their homes or even the all too cliché coffee shop public Wi-Fi. Being able to pick up and respond to emails anywhere, be more responsive to your customers from anywhere at any time, has great advantages including increased service levels and productivity. However, despite its popularity & usage, we have found that Wi-Fi is commonly overlooked when it comes to a company’s cyber security strategy.

A big part of the problem is that the consumerisation of Wi-Fi has generated a ‘plug & go’ attitude to Wi-Fi with little consideration beyond the default settings. As a result, when you connect to a Wi-Fi network, the chances are you don’t really know how secure it is. Most people see Wi-Fi as a gateway but it is also a gateway to your device and in turn any of the networks you connect to.

The Risk of Unsecured Wi-Fi

In and of itself, a wireless network connection isn’t inherently dangerous. It becomes so if it’s unsecured – allowing the movement of data across its airwaves without any form of encryption or security protection, such as firewalls or even gateway antivirus.

Plain text transfer of data over unsecured Wi-Fi channels leaves other kinds of information open to interception and theft. This would include corporate data, intellectual property, images, media files, and the content of unencrypted email or instant messages. The interception of this data can cause reputational damage for an organisation, not to mention hefty regulatory fines if customer data is affected.

A network of unprotected users also allows cyber-criminals to easily distribute malicious software such as viruses and ransomware to devices. Some Wi-Fi hotspots are even set up deliberately for malicious intent.

The risks associated with an unsecure Wi-Fi network may surprise many but this is reality and as cybercrime continues to be such a lucrative industry, attackers are only becoming more sophisticated in their methods. So it is important for businesses to keep on top of cyber security awareness & ensure their staff are following appropriate security policies.

Securing your Connection

We have asked our experienced network engineers to put together their top tips for protecting your business against a Wi-Fi attack. These fall under three main areas:

1. Secure your own device

Perhaps the first and most straightforward step is to ensure individuals are aware of policies and procedures surrounding their own devices. This can include a list of devices that can and cannot connect to the network, guidance surrounding anti-virus, firewall and disk encryption and most importantly, that updates are regularly performed.

Depending on the culture of your office, it may also be good to emphasis in these policies that the same rules apply to mobile devices, particularly as we see an increase in connected devices and the emergence of IoT.

2. Secure your own network in the office

In your office, most network devices including access points are pre-configured with a default administrator password to help simplify set up. The problem here is that these default passwords are easily found online so they won’t provide any protection. Simply changing these default passwords makes it harder for attackers to take control of the device.

Set up a guest network: the trouble with passing out your Wi-Fi passkey to customers & visitors, every time you do, it dilutes your security. Not only do they know your password, but they might also give it to someone else. You could change to a new password after every occasion, which is the most secure, if not the most convenient, solution. More conveniently, and pretty secure as well, is going the whole nine yards and setting up a guest network for visitors.

Now we’re starting to get a bit more technical and this is where a lot of jargon comes in but encryption prevents anyone who might be able to access your network from viewing your data, so it’s an important step. Speak to your service provider to make sure they are using gear that supports encryption via WPA (Wi-Fi Protected Access).

In many small businesses, the concept of "patch management" does not exist – but it should. Research suggests only 14% of broadband users in the UK had updated their router firmware. If you are one of the 86%, do it today. The majority of routers will have an automatic update option, so hunt it down and enable it.

3. Dealing with public Wi-Fi

The best way to know your information is safe while using public Wi-Fi is to use a virtual private network (VPN) when surfing on your PC, Mac, smartphone or tablet. However, if you must use public Wi-Fi, follow these tips to protect your information.

Don’t:

• Allow your Wi-Fi to auto-connect to networks
• Log into any account via an app that contains sensitive information. Go to the website instead and verify they are using HTTPS before logging in
• Leave your Wi-Fi or Bluetooth on if you are not using them
• Access websites that hold your sensitive information, such as such as financial or healthcare accounts
• Log onto a network that isn’t password protected

Do:

• Disable file sharing
• Only visit sites using HTTPS
• Log out of accounts when done using them
• Use a VPN to make sure your public Wi-Fi connections are made private

Find out more about Cyber Security by speaking with a member of our team.