Cyber Security: How to Protect Your Data Over Wi-Fi

free-wifi-smartphone-335Anyone and any business, regardless of size or industry, is a potential target for a cyberattack.

Today business professionals are on the go constantly, working from home and while they are traveling. What’s the problem? You are probably thinking you trust anyone on your network and those who have access to your devices. Well, you shouldn’t. The same technology that makes it easy for you to stay in touch with the office also makes it easy for nefarious individuals to hack your communications and into our devices. You and your network are only as strong as the weakest link, which frequently is far weaker than anyone expects.

Because office computers are generally connected to the same network if a hacker is able to gain access to one machine that shares the network connection they can potentially, and sometimes quite easily, gain access to all of the machines and information on the network. What this means is that computers on the same Wi-Fi network can potentially have access to any unencrypted information that pass through that network.

What follows are some simple, but critically important steps to take to protect your information.

Have a Guest Network

It is quite common for business associates to expect the ability to access the Internet via a Wi-Fi connection while attending a meeting, event or conference. As the host, you may want to provide that access, but you don’t want your generosity to wind up being a gaping hole in your data security.

As a precaution to keep unwanted or unauthorized users from accessing sensitive data, we suggest you segment your network: have a different network for employees and guests. By keeping these networks separate, the risk of a data breach is reduced. Most Wi-Fi routers today are enabled to handle both a guest network and a private network. If yours doesn’t, a new router that does will cost you less than $150.

Change Your Strong Password Often

Not only should your Wi-Fi network be password-protected, but you should also change the password on a regular basis. We recommend that you change your password every 90 days for the employee network and every six months for your guest network, at minimum. By consistently changing the password (although possibly difficult on employees), you decrease the odds of a hacker learning the password and breaching your secure network.

Ideally, passwords should be a minimum of 14 characters, with a mix of upper and lowercase letters, numbers, and special characters. The more complex a password is, the harder it is to hack via brute force.

Use the Right Security Protocol

There are many different protocols that can be used when setting up your Wi-Fi network, like WEP, WPA, and WPA2. The difference between them comes down to the algorithm used in the encryption process. Using the WPA2 encryption protocol is the recommended standard by the National Institute of Standards and Technology and the United States government.

WEP: the original encryption protocol developed for wireless networks. As its name implies, WEP was designed to provide the same level of security as wired networks. However, WEP has many well-known security flaws and is easily broken.

WPA: introduced as an interim security enhancement over WEP while the 802.11i wireless security standard was being developed. Most current WPA implementations use a preshared key (PSK), commonly referred to as WPA Personal, and the Temporal Key Integrity Protocol (TKIP, pronounced tee-kip) for encryption. WPA Enterprise uses an authentication server to generate keys or certificates.

WPA2: based on the 802.11i wireless security standard, which was finalized in 2004. The most significant enhancement to WPA2 over WPA is the use of the Advanced Encryption Standard (AES) for encryption. The security provided by AES is approved for use by the U.S. government to encrypt information classified as top secret.

Make sure to NEVER use WEP since it has many well-known security flaws and can be easily broken (brute-force).

Physically Secure Your Router

Beyond cyber security precautions, limiting who has physical access to the router device is also important. Unauthorized users can manipulate, change, or corrupt your Wi-Fi network just by having direct, physical access to the router. Of course, you are probably thinking who could get physical access to the router? Well, when was the last time there was a business meeting at your office and someone asked to use the restroom? Were they escorted to and from the restroom? Likely not. If that person were a hacker posing as a potential client and they were given the ability to walk around they could have done any number of things, ranging from plugging a device into an open port on the back of a computer (or even printer) to tampering with your router. It is as easy as pressing the WPS button on the router, which allows users to connect to a secure network without having to know the network password.

Again, no solution is perfect, but keeping your device in a locked room does decrease risk, and it is a very cheap solution that costs nothing.

Change The Default Password of Your Router

By now most people are aware that they should not use “password” as their password. If you are at all tech savvy you aren’t using “password” as your password for your router either, but is what you are using any more secure?

By default, Wi-Fi routers have the same administration password to allow for easy setup. Once you install your router, make sure to change the default password otherwise it would be exceptionally easy for a hacker to access your secure network. We recommend that you change the administration password at least every six months and use a strong password as recommended above.

AT HOME

If you bring your work home with you, you should apply all of the above recommendations to your home office. We recommend that you use a guest network for personal activities and keep the private network for work related activities only. We know that changing your home Wi-Fi password is a pain, but it is truly important to avoid data breaches. Hackers know that home networks are less protected than work networks, and security really is only as good as the weakest link.

ON THE GO

Home and work are not the only places where you are vulnerable to a cyber security breach. Public networks, like those offered at our favorite restaurants, cafés, hotels, airports, and train stations are prime targets for hackers. Some hackers are actually paid to stay at those locations and “sniff” out data, which they can sell on the black market.

There are many ways that you can help protect your data on the go while using the convenience of free, public Wi-Fi, which includes using a VPN connection to encrypt your data. Using a VPN will ensure that all your data in transit remains encrypted.

VPN, or virtual private network enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, and thus are benefiting from the functionality, security and management policies of the private network. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols or traffic encryption. The VPN will encapsulate your data with an encryption algorithm, often IPSEC.

Most are surprised to learn that setting up a VPN can be accomplished for at little as $50 a year. We have set up VPNs for individuals and law firms and have them up and running within 1 hour. There is no noticeable drag in Internet connectivity when accessing a network through a VPN, and it offers the highest levels of security when public Wi-Fi must be used. Given the cost and benefit using VPN really is essential for professionals on the go.

In addition to using VPN, it is also recommended that you encrypt your entire hard drive so that if your computer or device were ever to be lost or stolen, your data could not be accessed without the encryption key. Again, doing this is surprisingly affordable or even free if you’re using Windows 8 or 10.

 

ADDITIONAL INFORMTION

To see if you are a target, please visit: http://learn.cyber-revolution.com/law-firms-are-you-a-target/

To learn more please visit https://www.cyber-revolution.com/serenity-plan-law-firms/.

 

Share

Warning & Disclaimer: The pages, articles and comments on IPWatchdog.com do not constitute legal advice, nor do they create any attorney-client relationship. The articles published express the personal opinion and views of the author as of the time of publication and should not be attributed to the author’s employer, clients or the sponsors of IPWatchdog.com.

Join the Discussion

4 comments so far.

  • [Avatar for Gene Quinn]
    Gene Quinn
    November 19, 2015 02:28 pm

    A better security consultant than you—

    Thanks for the laugh. If you really wanted to be taken seriously you wouldn’t be anonymous.

    -Gene

  • [Avatar for A better security consultant than you]
    A better security consultant than you
    November 19, 2015 02:05 pm

    >Ideally, passwords should be a minimum of 14 characters, with a mix of upper and lowercase letters, numbers, and special characters.

    Wrong Wrong, wrong wrong wrong. This is a myth, and one I am sick of seeing. Please stop telling people this lie. It’s a doddle to hack offices using passwords like that. I’ve done it a dozen times in the last year.

    A good password has two main features. High entropy (NOT complexity) and no reason for a human to write it down. A mix of characters gives you complexity, some entropy, and a VERY good reason for a human to give it away. So it’s STUPID.

    A far better rule would be “at least 32 characters that a human can remember without feeling any need to write it down”. ABadgeOfInfiniteComplexity is billions of times more secure than EzLQ^7209!WEDr

    (Hint – when I say hack, I really do mean it. The 14 character password I’ve given is written on a post-it note in the office I am in right now, as a guest)

  • [Avatar for Will]
    Will
    November 2, 2015 08:43 am

    Great write up. I did have a question for you both. Why do most business think having insurance on a building is a necessity yet they are more likely to be hacked and only 29% have cyber insurance? Is because they don’t think they are a target or just don’t know how likely they are to be hacked?

  • [Avatar for Nelson Avek]
    Nelson Avek
    November 2, 2015 07:58 am

    Thanks for sharing these helpful tips. Posts like this can help people, who don’t have much technical background, to protect their personal and precious data.
    One more thing I would like to add is, you should not do any kind of financial transaction or activity on public or shared WiFi. These are the most vulnerable spots where you can be cyber attacked.
    Always keep your personal documents and files encrypted, this can add another layer of security to your data.
    On the home wireless network, bind the MAC addresses of your devices and don’t allow anyone else to connect with your router. Even just hide the SSID of the router if possible.