How to secure your office network

Every Wi-Fi network can be vulnerable to attack. Last year saw some pretty nasty exploits with Wi-Fi flaws such as KRACK - a vulnerability found in the WPA2 security protocol impacting most modern Wi-Fi routers - and of course various data breaches affecting huge companies like Equifax and Deloitte.

To help you make sure your office network is secure, we offer some tips.

Read next: How to respond to a security breach.

Additional reporting by Hannah Williams.

Use an uncommon SSID network name
iStock

Use an uncommon SSID network name

Using a common service set identifier (SSID) is an easy gateway for hackers to gain access into any network. As one of the most basic Wi-Fi network settings, it is advised to refrain from using a name that would be an easy guess, such as the business or default vendor name.

Particularly if your office is located in a shared building, hackers are more likely to target the one that stands out as the easiest to identify.

Additionally, it is important to understand that simply turning off the SSID broadcast still gives hackers with the right tools access through other network traffic.

Encrypt your Wi-Fi
iStock

Encrypt your Wi-Fi

Another option is to encrypt your Wi-Fi so that the network is not open for anyone to easily connect.

To do this, it is a good idea to use the enterprise mode of WPA or WPA2 security for your office network. This is so that employees won’t be able to see the encryption password. It also reduces the chance of being hacked as the password won’t be stored on multiple computers or devices if they are lost or stolen.

The enterprise mode, or WPA-Enterprise, uses 802.1X authentication. It is the advised mode for business networks, although it is more complicated to set up than the personal mode. WPA-Enterprise users will need to provide login credentials to access the network.

Some networks may require a separate RADIUS (Remote Authentication Dial-In User Service) authentication server, while a few access points include a built-in RADIUS server.

Create a BYOD handbook

Create a BYOD handbook

An increasing amount of businesses are adopting 'bring your own device' or BYOD policies to save money on expensive hardware and offer freedom to employees that often work out of the office or at home.

But this kind of policy can lead to a multitude of security issues. Mixing business and personal laptop use might bring in viruses to your office network.

It also means relying on employees' cybersecurity know-how and trusting them to follow the correct protocols.

To alleviate some of the stress associated with this, you should create a BYOD handbook which lists all the do's and don'ts. Make sure you list certain security features that they should have on their internet-connected devices, such as VPNs and antivirus.

If you have the budget you could supply the security software for your employees' BYOD machines and make sure they go through a 'security MOT' from time to time.

Choose a firewall and restrict access
iStock

Choose a firewall and restrict access

Most businesses have a corporate firewall in place and restricting employee access, i.e. which individual PCs and specific websites can pass through the firewall, is an important step in securing an office network.

What's more, some firewalls come with an integrated VPN - providing even more protection - due to the encryption a VPN offers.

Businesses without VPNs should install one across their office network, as it can be used as a security barrier between employee PCs and the server, making their computer work across an encrypted passageway when accessing the server.

There are free options available but businesses and larger enterprises should use a paid-for large-scale VPN to offer optimum protection.

Full list of top paid-for VPNs

Update your antivirus daily
iStock

Update your antivirus daily

Like most things in life, regular maintenance is vital to keep everything in good, running order. A daily antivirus update will stop any unexpected drop in your protection, from hackers disabling automatic updates to a new threat not covered by your current protection.

Rather than businesses keeping up with the latest antivirus software, they need to be keeping up with emerging threats, the latest virus and daily software updates will help businesses stay on top of this.

Here are some recommendations for antivirus software for small businesses.

Restrict access to the server
iStock

Restrict access to the server

Servers can be separated into various compartments and sectioned for each department within your business, so each computer and employee login should only have access to relevant parts of the server.

Businesses should also disable the accounts of ex-employees to limit the chance of a hacker getting in via an inactive account, or potentially a scorned ex-worker performing malicious activities within the office network.

Only allow approved laptops access to the servers
iStock

Only allow approved laptops access to the servers

While businesses can restrict access to certain files on the server, they should also consider excluding non-approved external laptops, tablets and smart devices.

This will mean that employees can view information on the server from their office PC but if they bring in a foreign device it only has access to guest Wi-Fi and has absolutely no access to the server unless it is approved by the office manager or the IT administrator.

This is just another step in protecting the data saved on the office server.

Block websites
iStock

Block websites

Restricting employee use of the internet could protect the office network from viruses and malicious content found on some websites, and help speed up overall connectivity.

There are numerous ways to block potentially malicious websites but the most common is either via the router or though individual IP addresses and firewall filtering.

Every firewall is different but most websites can be blocked via a 'filtering' tab. Here's how to block websites via the office router.

Copyright © 2018 IDG Communications, Inc.