We hear far too often about data breaches happening in major organisations.
A major contributor includes increased reliance on digital technologies to conduct their daily operations. This is done predominately through the Internet, and sometimes by granting customers access to the organisation’s wireless network.
Here are four questions that you should be asking your Network Administrator (or yourself!) to ensure adequate cyber resilience for your organisation’s wireless network:
What’s your password policy like?
Let’s start with the basics, namely the password.
Your wireless network may be insecure due to insufficient password complexity rules, even though it may be using the strongest form of Wi-Fi encryption, i.e. WPA2 (Wi-Fi Protected Access). Using short length and weak passwords can leave your network open to passwords being compromised and cracked by using basic tools and techniques from the most amateur hackers.
Despite this being an obvious point, it is still far too often overlooked.
Enforcing a password policy that has sufficient length and complexity can mitigate some of the more basic to medium complexity of Wi-Fi attacks. This is the first step towards protecting your network from password cracking attacks.
Have you ever updated your device’s firmware?
Most networking devices have embedded software, known as firmware, used to control and manage the device. Keeping the firmware of your devices (switches, routers, access points, etc) up to date is critical.
Most devices have product support in the forms of updates. Patching your product with these updates will fix bugs and security vulnerabilities that are discovered after the product’s initial launch.
Make it a habit to check your device’s firmware version against the latest available update. It’s also a good idea to find out how long the device will be supported by the vendor to know its end-of-life and when updates will end.
Is something there when it shouldn’t be?
Occasionally, unknown devices that are malicious and unauthorised can appear within a network and go largely unnoticed for some time. These devices generally take the form of a laptop, setup to be a bridge between a victim and the organisation’s network.
Not only do these networks created by the device bypass any wireless security policy, they can also act as a proxy and intercept all data that passes through it. These are known as “rogue devices”.
These devices do not comply to the wireless security policies set by the network administration, effectively “playing by their own rules”, and therefore pose a significant security threat to the organisation. To combat this, routinely scan the internal network to check if any rogue devices can be found using tools like Nmap.
Have we enabled our guest Wi-Fi?
Enabling guest Wi-Fi is not so much about generosity than about protecting your organisation’s “real” network through proper segregation. The guest Wi-Fi should be set up to be isolated from the organisation’s internal network, but still provide a limited amount of connectivity for the guest.
Guest Wi-Fi networks can be time and/or application limited. Creating a guest Wi-Fi network and policy helps keep your organisation’s data safe while still providing required access to those who may need it short-term, or who need to interact with specific areas of the application.
Security measures to protect your wireless network can start with the basic questions outlined above. The next step is to identify possibly vulnerable areas and drill down to low-level design, tasks and actions to strengthen your network.
Secure your network
With all of the potential blind spots that are potentially being overlooked, ensuring your network’s robustness and security is neither quick or easy. The above four steps are a good start, but the reality is that much more time and effort are required to secure a network, particularly if it’s large and complex.
Security Testing is one of the best ways to validate your network security. Testing is effective because it looks at your digital assets, how risky and valuable they are to you, where to put in controls, and simulate what a likely attack would be.
Contact us to find out how you can start protecting yourself today before security becomes an issue tomorrow.