There seems to be a common misconception that you can use WPA Personal (what you would use on your home network) in a business environment, especially if it’s a small business with less than 500 employees. What’s the issue? You have a password, you use it to connect, safe and secure right?
Imagine your office is in a shared building. You have someone, let’s call him Bob, come in for an interview but their presentation is saved in their emails, so you give them your network password and they connect. The interviews for the day finish, and unfortunately Bob doesn’t get the job.
3 months later Bob goes for another interview in the office next door to yours. Their network is down and he can’t access his presentation – So he tried his luck, and hey presto, your password is still the same! He connects to your network using the password you previously gave him, delivers his presentation and gets the job (let’s give this a happy ending!).
Now, this is all fine, assuming that Bob is not feeling malicious about not getting the job, and only wants to use your connection for legitimate reasons. But what if he wasn’t so amenable?
It’s important to take steps to simply and securely manage your Wi-Fi network.
Wi-Fi Present Access:
Whether it’s an internal employee or someone that isn’t always present in the business (a salesperson, consultant, delivery person, security guard etc) – Whoever is connecting to the network, needs to be able to do so as automatically (and securely) as possible. We’re not advocating making it inconvenient just for the sake of it – But sensible means to protect your network. There are a wide range of issues that administrators regularly face when trying to control the who, what, when and how of Wi-Fi access – But there are systems out there that can help make all of this simple.
WiFi Previous Access:
Imagine someone like an ex-employee who hasn’t been in your office for over a year can still automatically connect to the company’s Wi-Fi network from a nearby area. Not a nice thought to think about them having the means to have a little mooch around your network without you having any type of control over what they’re doing. Another way of putting it – You pop out the house leaving the keys in the front door, and a passer-by let’s themselves in. This type of lack of control in a corporate network is not acceptable. It’s often blamed on the insecurity of the Wi-Fi network itself, but actually goes back to what we said earlier about using WPA Personal in a corporate environment. This really needs to be a thing of the past, but shockingly seems to actually be the majority of what businesses, particularly small ones, use.
Why is that then? Perhaps this is due to WPA Personal being seemingly easier to deploy on a network. How many offices can you think of where the SSID and password are stuck up on the wall for all to see? Sounds nice and easy – Everyone can connect when they need to!
But what about the security risks? Our earlier example with the interviewee could be very different – Someone with access to your network for non-professional purposes and malicious intent would not be good.
Instead, you could use WPA Enterprise (this is nothing new, it’s been around more than a decade) and increase the security of your company network. With features such as dynamic VLAN assignation, AAA management via RADIUS, authentication against a user database, and many others, it could be the best solution for securing your business Wi-Fi network.
Improving the security of Wi-Fi network access
This whole thing doesn’t have to be a headache. Available on the market, there are systems for automating WPA Enterprise to easily manage the internet access of employees, subcontractors and visitors on your Wi-Fi network.
Using one of these systems, you can establish different access policies for certain users, groups of users, device operating systems and even periods of time. You can also monitor and control the connections on your Wi-Fi, as well as attempted connections.
Is your Wi-Fi network security up to scratch? It’s worth thinking about.