“Is my Wi-Fi secure?” This is the question you need to ask yourself if you're experiencing any of the following:
- Extremely slow Wi-Fi
- A surge in phishing emails or fake antivirus messages
- Unknown devices connecting to your router
- Unauthorized software installations
- An unexpected Wi-Fi password change
- Your router suddenly requiring a password
Unfortunately, any of these signs may indicate that your Wi-Fi network has been hacked. Be vigilant — learn about the five Wi-Fi threats you should look out for and seven tips you can implement to secure your wireless networks.
What are the common wireless network security threats out there?
Most wireless routers and wireless access points (WAPs) have a broadcast range of 150–300 feet indoors and as far as 1,000 feet outdoors. Any user within this range can connect to an unsecured Wi-Fi network. More savvy users can even drive around neighborhoods with a computer and a powerful antenna in search of unsecured wireless networks. This is a type of piggybacking called wardriving.
The problem is that when unauthorized people piggyback on your internet connection, they can use it to conduct illegal activities, monitor and capture your web traffic, or steal your personal files.
This Wi-Fi attack, which is launched using either simplistic (brute force) or complex methods, exploits the security weaknesses of a wireless network to infiltrate it. Such vulnerabilities are commonly caused by poor configuration or weak or flawed security protocols.
Evil twin attack
In this type of Wi-Fi attack, cybercriminals set up their own system that impersonates a legitimate WAP. However, they use a stronger broadcast signal than the legitimate one to dupe unsuspecting users into connecting to their system.
Once a user is connected to the fake system, the cybercriminal can easily read any data (e.g., credit card numbers, login credentials, personal information) that the user sends over the internet.
There are plenty of WAPs that are not secure and do not encrypt the traffic they carry. When you connect to these, any data that you send over is out in the open for malicious actors to obtain using sniffing tools. This puts your sensitive communications or transactions at risk.
Unauthorized computer access
When you connect your device to an unsecured wireless network without disabling file sharing, malicious actors can access your device’s files and folders.
How do I secure my Wi-Fi network?
Don’t publicize your service set identifier (SSID)
All routers provide a default name for your Wi-Fi network, which is known as the SSID. The problem is that when you leave the SSID as is, a potential attacker can easily identify the type of router and exploit any of its known vulnerabilities. A simple but effective way to boost your router security is to change the name of your Wi-Fi network, thereby concealing your SSID.
Change default administrator passwords
Change all the default admin passwords of your wireless routers and WAPs. These default passwords are easily available online, so attackers can use these to access your network should you fail to change these.
The Department of Homeland Security (DHS) recommends using a password that is at least 20 characters long and includes numbers, letters, and various symbols. The DHS also recommends changing your password periodically.
Further reading: Department of Homeland Security: Choosing and protecting passwords
Encrypt the data on your network
Encrypt any information that is being transmitted between WAPs and wireless devices. Doing so prevents unauthorized users from viewing it even if they manage to access your network.
These are the Wi-Fi encryption protocols that have been developed to protect data sent over wireless networks:
- Wired Equivalent Privacy (WEP) – This standard was used from 1994 to 2004 and is still used by very old routers. It has a lot of well-known security issues, making it very vulnerable to cyberattacks. It is also hard to configure.
- Wi-Fi Protected Access (WPA) – This served as a temporary enhancement for WEP while the 802.11i wireless security standard was still in development. It’s easier to configure than WEP, but still easy to break.
- Wi-Fi Protected Access Version 2 (WPA2) – This is the 802.11i wireless security standard-based protocol. Unlike WPA that uses Temporal Key Integrity Protocol (TKIP), WPA2 uses the Advanced Encryption Standard (AES), which is approved by the US government to encrypt top secret information.
- Wi-Fi Protected Access Version 3 (WPA3) – WPA3 was introduced in 2018 to address the shortcomings of WPA2 while making connections easier. Unlike WPA2, WPA3 makes it mandatory to use Protected Management Frames (PMF). It also replaces WPA2’s Pre-Shared Key (PSK) exchange protocol with the more secure Simultaneous Authentication of Equals (SAE).
If your wireless routers and WAPs were released before 2019, they most likely only offer WEP, WPA, and WPA2 encryption. In any case, make sure your wireless network devices use the strongest encryption protocol available.
Note: You may need to reconnect all devices again if you change your encryption settings. This inconvenience is minor compared to the major security benefit you’ll gain.
Restrict access to your network
Every piece of hardware that connects to a network has a unique media access control (MAC) address assigned by its manufacturer. You can filter MAC addresses to restrict access to your wireless network to only preapproved devices.
Many wireless routers also have a guest account feature. This lets you grant visitors wireless access on a separate wireless channel with a separate password, thus protecting your primary credentials.
Utilize a firewall
Installing a firewall creates a security layer between your network and the internet. This security solution uses a set of predetermined rules to permit or block incoming and outgoing network traffic. This protects your network from malicious traffic like malware or hackers.
Keep your wireless router and WAP software patched and up to date
Just like any other software, the firmware of your wireless router and WAP contains flaws that can be exploited by malicious actors. Manufacturers of these network devices periodically release updates and patches to address these vulnerabilities.
Unfortunately, most of these devices don’t come with an option to automatically update their software, so make sure to regularly check their manufacturers' websites for updates and patches.
Position your wireless router or WAP in the middle of the office
Don’t place your wireless router or WAP close to a window since its wireless signal range can reach far beyond the confines of your office, making you vulnerable to piggybacking. Instead, place your network devices in the middle of the office. Doing so will not only improve your security, but it will also improve network connectivity in the different areas of your office.
Keeping your network strong and secure is a full-time job. Let our cybersecurity experts at Integrated Computer Services handle it for you for just an affordable, fixed monthly fee. Get in touch with us today!