In today’s connected world every little store or office needs internet access, and the usual way to provide it is by setting up a WiFi network. There are endless products that offer a plug-and-play experience for less tech-savvy users. However, there are some common traps that someone inexperienced might fall into when setting up a network. In this post I will discuss some of these traps and the risks they pose.
Note: Any specific examples in this post are fictional, but the concepts are quite common, judging from looking around and talking to businesses.
Separate Guests and Internal Users
To minimise the exposure of the systems the business requires to operate, and thereby also minimise the risk, it is important to reduce the number of people who have access to the network. The main thing here is to keep any visitors (or customers) from accessing the same network as the internal systems (file servers, cash registers etc.). A common solution for this is to have two separate networks, a guest network and a company network. For larger companies this separation might need to be taken even further, but this is a great first step.
The main goal of separation is to implement what is commonly called Defence in Depth. This means that if one of the security measures fails, all is not lost. Instead, there is another defence that hinders the attack. By restricting what an attacker can access, the risk that they can exploit a vulnerability decreases as well.
Secure the Internal Network
No matter how well the internal network (and its users) is separated from the external users, the separation has no effect if there are ways to circumvent it. For example, in a café a customer might be able to plug into the access point and reach the internal network. Another, perhaps more common, error is to have an easily guessable password for the internal network. If the WiFi name is used as the password, it is the same as if there were no password at all. An attacker would swiftly test different passwords, and the name of the network would absolutely be one of the first ones.
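One way to catch the "network name as password" mistake before a passphrase is deployed, shown as an added example that is not part of the original post. The function name, the network name `CornerCafe` and the 16-character policy minimum are assumptions chosen for illustration.

```python
import re

# Common character substitutions, mapped back to letters before comparing.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def _normalise(text):
    """Lower-case, undo simple substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def passphrase_problems(ssid, passphrase, min_length=16):
    """Return the reasons a WiFi passphrase is weak; an empty list means none found.

    min_length is an assumed local policy value, not a protocol requirement.
    """
    problems = []
    # A WPA2-Personal passphrase must be 8 to 63 characters long.
    if not 8 <= len(passphrase) <= 63:
        problems.append("length outside the 8-63 characters WPA2-Personal accepts")
    elif len(passphrase) < min_length:
        problems.append(f"shorter than the {min_length}-character policy minimum")

    norm_pass = _normalise(passphrase)
    # Compare against the whole network name and each word in it,
    # forwards and reversed, ignoring case, digits and punctuation.
    words = [w for w in re.split(r"[^A-Za-z0-9]+", ssid) if w]
    for candidate in {ssid, *words}:
        norm = _normalise(candidate)
        if len(norm) < 4:
            continue  # too short to be a meaningful match
        if norm in norm_pass or norm[::-1] in norm_pass:
            problems.append(f"contains the network name part '{candidate}'")
    return sorted(problems)


if __name__ == "__main__":
    # Constructed sample values for a fictional network.
    for candidate in ("CornerCafe2024", "C0rn3rC@fe!", "plum-gravel-otter-quilt-91"):
        print(candidate, "->", passphrase_problems("CornerCafe", candidate) or "ok")
```

An empty result only means none of these specific checks fired; it does not measure how hard the passphrase is to guess in general.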
Change Default Settings
After taking a look at the network as a whole, it is time to look at the systems on the network. When adding a new system it is important to take a look at the vendor's configuration recommendations. Are there any security features that can be enabled? Another important step is to change any default passwords in the system.
Overall the goal in this step is to minimise the risks by utilising any defences of the systems on the network.
Keep Systems Updated
Lastly, all devices on the network need to be maintained. Vulnerabilities will be found in the solutions used on the network, and there is nothing that can be done about it. As a business owner the only thing to do is to be aware and ensure there is a regular update schedule. When a vulnerability pops up, the patch needs to be applied as soon as possible. One way to do this is by automating the installation of updates. This ensures swift updates without adding the overhead of keeping track of when updates are released and applying them manually.
Installing updates without first testing them adds another risk in the form of supply chain attacks. However, the risk in comparison to the cost of mitigation is quite low. Every business needs to make its own analysis, but from my point of view, the benefit of swift updates outweighs the risks for most small companies.