Have you noticed at work how cybersecurity has taken the leading role in business activity? If so, you may already know some measures to strengthen your Wi-Fi networks. If not, we recommend that you take a deep look at this article.
In order to be aware of the importance of cybersecurity in companies, let’s take a look at their current situation. In order to do this we are going to use the information published on a study (in Spanish) carried out by Deloitte about cybersecurity in Spanish companies:
- Companies spending less than 3% of their budget on cybersecurity have a high probability of suffering 2 big cyber-attacks in a year.
- Fortunately, cybersecurity investment has grown up, rising to a 9% of the budget in 2019.
- 60% of the companies that participated in the study don’t have cybersecurity certifications, such as ISO / IEC 27001 and ISO 22301.
- The most common attacks are malware and phishing.
We also have information from the Global Cybersecurity Index, a document made by the International Telecommunications Union (ITU). According to this document, Spain is in 7th position with 8.96 points out of 10. Spanish companies are in good shape but we can never relax, as cybercriminals are always looking for new methods to attack websites.
13 keys of cybersecurity for corporate Wi-Fi networks
The main recommendations for the improvement of your cybersecurity Wi-Fi connections are:
1.- WPA2 or WPA3 encryption
If you are a Wi-Fi network user you have several options for data encryption. All of them respond to the acronym WPA (Wi-Fi Protected Access). WPA2-PSK (AES) and WPA3 are the most updated and secure standards. Between these two, you might choose the last one whenever it is possible.
WPA3 encryption has great qualities, such as better protection against brute-force attacks, much difficult decrypting of captured information, better secure public networks, a more complex encryption, and improvements for IoT devices.
2.- Set new passwords
Your company will be more secure if you define new passwords for your wireless network. We recommend creating a password policy in order to make passwords really safe.
In a secure password policy you must include aspects such as a minimum password length, upper and lower case alternation, numbers, special characters, etc.
3.- Strong authentication
When it comes to protecting your company from an intrusion into your Wi-Fi network, you can enforce access by going beyond a strong password. To do this, you have 2 effective methods: two-factor authentication and mutual authentication.
- Two-factor authentication: you need to provide 2 pieces of identity evidence, among which are passwords, biometric passwords, PIN codes, one-time codes that are sent to a mobile phone, etc.
- Mutual authentication: each user will have their own unique access credentials. This is a safer alternative than sharing the same password among workers, which is known as PSK (Pre-Shared Key).
4.- Change the SSID
SSID is the acronym for Service Set Identifier or Service Package Identifier (the name of our Wi-Fi network). It’s made of a sequence of 32 ASCII characters (letters, numbers and symbols).
We recommend to change the default SSID, as it may contain sensitive information about the company, the access point model used, the supplier company, etc.).
5.- Deactivate WPS
Many access points have the authentication option via WPS or Wi-Fi Protected Setup enabled. What is this? It is a function used to connect to a network by entering an 8-character PIN code.
Although the purpose is to ease the network access, it also makes it easier for cybercriminals to get in. That’s because figuring out an 8-character code is easy for them.
6.- Reduce the range of allowed IP addresses
To do this, you’ll have to disable DHCP (Dynamic Host Configuration Protocol), which automatically assigns an IP address to each device connected to the network. Once this is done, you can limit the IP addresses available, so you can control them easily.
7.- MAC address filtering
Each device connected to a network has a unique identification code, known as MAC (Media Access Control) address. Computers, phones, tablets and any device that can access the internet has his own code.
You can strengthen your company network security by allowing access only to a series of MAC addresses.
8.- Updated firmware of the access points
The access points or routers are managed via software or firmware. It is crucial to have the most recent version of your software installed, as it will have the latest cybersecurity updates.
9.- Limit the privileges of each user in the network
Another recommendation is to limit the access to tools and resources to the workers. This is decided depending on the needs they have on their daily work duties.
10.- Monitoring and control
Companies will be much more secure if they keep a key actions record, including attempts to connect to the network, whether they have been successful or not.
In addition, it will be helpful to have strict control on possible attacks, as well as of all the potential vulnerabilities of their system.
11.- Security audits
In order to check the degree of security of a corporate network, you can carry out a periodical audits. Using various inspections and tests, you can point out the main risks you are facing. Based on the results, actions should be taken to create a much more protected environment.
12.- Limit the power of the access points
Cybercriminals will not be able to act on your Wi-Fi network if they can’t reach it. You can keep them away from the network by adjusting the power and radius of action in the access point antennas.
Although it can be difficult to find the perfect balance where the signal reaches every corner of the company and doesn’t reach beyond its facilities, the results are definitely worth it.
13.- Consider having a guest network
It is possible to create a second independent network in some access points. A guest network that can be used by people from outside the company such as clients, partners, maintenance personnel, etc.
Following these 13 measures, you will be able to have a much safer Wi-Fi network. If you want to go further, Galgus offers specifically designed solutions with advanced cybersecurity options for business environments.
CHT software for access points detects, locates, and neutralizes attacks and reduces their effects. In addition, it allows you to safely manage the information in cloud environments. Do you want to know more about CHT cybersecurity benefits? Ask for a Demo Today!