Unsecured wifi: big trouble for small business

It makes sense that the small business community has been quick to embrace the use of wifi networks. Many small enterprises have limited physical space to operate in, so the ability to provide internet access without the need to run cabling to every device on site is very appealing.

However, unless adequate security measures are put in place, using a wifi network also exposes a small business to a variety of security risks that could result in serious financial and reputational damage. Depending on which recent piece of research you believe, it’s estimated that between 25% and 50% of all UK small businesses are currently at risk of hacking due to poor wifi security.

While many small businesses may be tempted to think that they are unlikely to attract the attention of hackers, it’s important to know the seriousness of the risks involved.

For example, a recent study of US small and medium sized enterprises by the Federal Communications Commission (FCC) found that malicious hacking led an average loss of nearly $200,000 per attack, more than enough to sink many a small business in the current tough trading climate.

Unauthorised users of your business network could also create lasting damage to your reputation by exposing sensitive files and data, including bank details and customer data that you are legally obligated to protect.

The methods you use to secure your wifi network will depend on factors such as the age of your IT hardware, the number of employees using the network and whether you wish to provide internet access for visitors to your premises. In general, though, the following security measures should be considered:

Authenticate your users

Allowing open access by anyone in close proximity to your wifi network is a big mistake. Ensure that your wifi network can only be accessed by authorised users requiring login and password details.

Encrypt your data

Check what encryption key your network is using. If it is the Wired Equivalent Privacy (WEP) encryption method, it’s time to upgrade as this out-of-date key can be easily hacked. Instead, you should use the Wi-Fi Protected Access (WPA or WPA2) encryption method: if you have employees you should use the Enterprise version or else everyone will share the same network password – including employees who leave your organisation!

Direct your traffic

There’s no reason why all network users should have access to every part of the network, e.g. junior staff with access to shared management files, so consider dividing your network into separate virtual networks (VLAN) to provide internal security.

Ignore your neighbours

If your premises are located close to other businesses, it’s possible that an employee may login to a neighbour’s unsecured wifi network by accident (or on purpose). Make sure that your staff are blocked from accessing any neighbouring open network.
Stay up-to-date

Staying secure requires ongoing effort and maintenance. Make sure that your firewall and business software are kept up to date with the latest security patches and fixes. Hacking techniques are becoming more sophisticated every day, so don’t become complacent.