In previous articles we discussed how laptop computers and the office copy machine increase the risk of data security breaches. Another significant risk to an organization’s sensitive data is the wireless network. Since today’s workplaces are increasingly “going wireless,” the Federal Trade Commission recommends taking the following steps to protect wireless networks.
Understand how a wireless network works. Going wireless generally requires connecting an internet access point to a wireless router, which sends a signal through the air, sometimes as far as several hundred feet. Any computer within range can pull the signal from the air and access the internet. Unless precautions are taken, others can “piggyback” on the network or access information on the computer.
Use encryption. Encryption encodes the information so that it’s not accessible to others. It is the most effective way to secure a network. Two main types of encryption are available: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). WPA2 is strongest so it should be used whenever possible. Since some older routers use the less secure WEP encryption, consider upgrading to a newer, more secure router. Note that wireless routers often come with the encryption feature turned off, so be sure to turn it on.
Use anti-virus and anti-spyware software. Since hackers are constantly developing new ways to attack computers and networks, security software is necessary. This software needs to be updated periodically so systems should be set to update automatically whenever possible.
Change the name of the router. The name of the router (often called the service set identifier or SSID) is likely to be a standard, default ID assigned by the manufacturer. Change the name to something private and unique.
Change the router’s pre-set password. Manufacturers typically assign a standard default password to a wireless router. Default passwords should be changed. Visit the manufacturer’s website to learn how to change the password.
Limit access to the wireless network. Every computer that is able to communicate with a network is assigned a unique Media Access Control (MAC) address. Wireless routers usually have a mechanism to allow only devices with particular MAC addresses to access the network. However, since MAC addresses can be mimicked, don’t rely on this step alone.
Turn off wireless network when it’s not being used. A wireless network cannot be accessed when it is turned off.
Be cautious when using a public wireless network. Many cafés, hotels, airports and other public places offer wireless networks for their customers to use. These “hot spots” are convenient, but they may not be secure.
Organizations should also consider protecting against data security breaches with insurance. Various cyber liability products are available to protect against privacy injuries, such as identity theft, and to cover the cost of complying with various data breach notice laws. Given the complexity of the risk, an experienced insurance agent should be consulted to ensure that adequate coverage is obtained. If you would like to learn more about insuring against data security breaches, contact us.
If you would like to learn more about preventing data security breaches, take our online course Information Risk Management: Strategies for Preventing and Mitigating Information Security Breaches.
If you’d like to subscribe to our weekly newsletters please click here.