"I run a small business and don't provide a means for outsiders to get into my network; I'm not a target." We encourage this small business owner to think again and to work to improve his network security. The news is loaded with data breaches affecting big name companies, but beware, you could be next, and here’s why. Your security is not sufficient just because “you don’t take credit cards” or “your company’s network is segregated from the credit card network”. The problem lies in the many other vulnerabilities that exist on your network.
For example, do you run employee payroll online? An attacker would love to access those credentials. If he or she is truly skilled or maybe just lucky, they could perhaps compromise the payroll company too leveraging your credentials. This same risk exists for health care and any other services you provide for your company. The minute you take any of this online, you are a target. Bear in mind your company may not be the end target for a hacker, rather you may be the quickest route into a system that is otherwise heavily guarded.
Can your business survive a data breach?
For large corporations and financial institutions a breach is hard enough to overcome, but for a small business, it could mean the end of your business due to loss of reputation and customer trust. When you are diligent to hire the right employees and install protection computer equipment for network security, if you are lucky you will never have to worry about a data breach. But someday your luck may run out and you must be prepared for your business to survive.
The Unknown Face of Your Attacker
Today’s attackers are not visible, meaning they may not stand out to you as being bad or threatening. They could even be a customer or member in your lobby, or they may never take one step inside your location yet attack you every day. Take a look at your parking lot. Any of those vehicles may be attacking you as you do business in broad daylight. How? The wireless signal you project is simply picked up, and the attacks on your wireless network begin. The hacker may decide to setup a rogue access point that transmits the same signal as you in hopes that one target will attach to his or her network instead of the legitimate network.
Even worse, you may let your employees on the wireless network; after all they do have access to the data already, so where's the harm? The harm lies in the fact that your employee leaves work, and his or her phone may still try to connect to your Wi-Fi network. An attacker that has a malicious Wi-Fi hotspot setup can actually mimic your company's SSID and unknowingly, the employee's phone will automatically connect. The attacker is now in charge of all network traffic for that phone. There are many attack options at the attacker’s disposal. This same scenario can be used for laptops, iPads and any device allowed to connect to your business network. The attacker does not even need to know the SSID broadcast of your network either. An attacker will configure this evil hotspot to answer to any network request and pretend to be that network. This makes the attack even more successful.
Take Action with Five Ways to Improve Network Security
No one is ever going to be 100% protected from attacks, but there are simple actions you can take to help prevent your organization from falling victim.
- The first and most obvious is to not broadcast your SSID or network name. You can still connect to the wireless network if need be; just put the name in manually.
- The next option is to turn off a wireless network if it’s not needed. This may be obvious, but we've seen that in some cases it’s a matter of convenience only, not necessity. The password to a wireless network should be secure. Make it something that would take entirely too long to crack. There are many programs online to help create a strong password.
- BYOD (bring your own device) should not be allowed unless, again, it’s absolutely necessary.
- If your business depends on free Wi-Fi, spend the money to get an entirely separate network set-up. Yes, there are routers that will create a guest wireless network, but why take the chance that an attacker can compromise this setup? The price of a separate line certainly outweighs the price of a breach and as an additional bonus, customers or members aren’t slowing your network down.
- Last of the easy tips but certainly not least, is storing information on a computer, namely passwords, is a bad idea in general only second to a sticky note on a monitor. If you must store passwords someplace, secure them. There are many commercial products that can help store passwords in a safe, yet convenient way.
While this article may not outline every danger you face with running a Wi-Fi network in your company, hopefully it will have you thinking about security in a way that perhaps was overlooked. The examples given are based upon TraceSecurity’s experiences through performing many wireless security assessments for large and small organizations alike. No one is safe from attackers, and nowadays the attacks continue to evolve at a rapid pace. Be smart and use common sense when dealing with your private data. Don’t be a target.