Your firm’s wireless network may well represent a tempting target for hackers and criminals, an expert told accountants at a recent event.
“Is your WiFi network just low-hanging fruit for bad guys?” asked security expert Rolfe Pope, in a session titled ““Locking Down Your WiFi Network Security” at the California Accounting and Business Show this week -- and then proceeded to detail exactly how vulnerable WiFi networks can be.
Using four different scanning programs that are available free on the Web, Pope, a consultant and advisor with over 30 years experience managing and advising on network security, including work at the Department of Defense, described how he was able to scan WiFi networks at an airport gate, a coffee shop, and a hotel, and to find identifying information and even login names for a wide range of attached devices, from traveller’s iPhones and laptops to local printers and even cash registers. With similar information from your firm’s WiFi network, hackers can hijack your network, steal or change client data, or use your network to attack others.
“It’s true that hackers can break into your security, but if you do some simple things, it makes it much harder for them,” Pope said.
Among the tips that Pope and his co-presenter Adrian Stern offered the audience:
- Hide your network. The Service Set Identifier or SSID for most networks is broadcast -- it’s the name you see when you go looking for WiFi networks -- but you can set your router to not broadcast the name, so that the only people who can access your network are those to whom you’ve told it’s name.
- Camoflauge your network. Pope actually recommends this over hiding your network, since there are ways to find even hidden networks, and hackers assume something that’s hidden must be valuable. Instead, give it a meaningless name, a random string of letters and numbers, rather than “XYZFirmNetwork.”
- Set up two networks. Stern, a CPA, CFF and a partner at Clumeck Stern Schenkelberg & Getzoff, said that his firm has established both an inside network and an outside or guest network on its router. The guest network -- set up outside the firm’s firewall, forestalls hackers, and also prevents guests from inadvertently infecting the firm’s internal system with viruses.
- Upgrade your security. “Usually you want to disable the built-in WiFi network security, since it’s relatively easy to hack,” Pope said. Set your encryption levels to the WPA2 standard -- currently the strongest.
- Get a good router. While you can buy cheap routers, Stern said that their security is often weak or unreliable. A good router can run anywhere from $500 to $1,500, he suggested, and is worth the price for the protection it can offer.
- Be careful with all of your devices. Many have multiple points to connect to a network, and you want to turn off or disable all unused points of connection. Stern told a story about being able to wirelessly access the color printer of a tenant of his through an unprotected network connection. “You don’t want your printer broadcasting to the world,” he said. “The printer you bought five years ago doesn’t have the best security.”)
- Consider going further. All computers have a Media Access Control, or MAC, address that is absolutely unique to them; small firms, or those that are particularly concerned about security, can set up their networks to only all devices with approved MAC addresses to connect to them.