9 FAQs on Cyber-Security: Tips & Best Practice from WiFi Experts
Security isn't an afterthought to your network, it's a fundamental part of your infrastructure that cannot be overlooked, inadequately understood or poorly maintained.
Below we answer the most frequently asked questions when it comes to all things cyber-security, from the most common risks to best practice and hardware recommendations.
What are the most common cyber risks?
- Wi-Fi hotpots. Data passing through a public networks can easily be intercepted, risking the security of your data, digital identity, and financial information.
- Network failures & downtime. Hackers can jump on opportune moments to get access to your network, so ensuring system failures are avoided, good cybersecurity management is key.
- Data breaches. Either through hackers or employee negligence/error, incidents frequently occur where sensitive or confidential data is viewed, copied, shared or stolen.
- Intellectual Property. A huge concern for businesses, hacks into intellectual property can cost far more than simple bank fraud.
- IoT. Each device that is connected to your network is a possible breach point for hackers. Smaller devices such as smart cameras and doorlocks offer poor security and are often not updated regularly to ensure the latest protection is in place.
What are the most common types of cyber attack?
- Malware. One of the oldest forms of cyberattacks; replicating/spreading viruses that can infiltrate and contaminate networks.
- Phishing/Smishing. Hackers often gain sensitive information such as login details, financial information and card details through misleading users through text messages, emails, phone calls and other communications. These attacks have seen a surge during the last 12 months as hackers prey on the increased use of devices, online services and remote logging in.
- Ransomware. A type of malware which locks devices, demanding payments or information before the computer is unlocked.
What are some of the most common security mistakes when it comes to Wi-Fi?
- Out-of-date firmware. Older firmware can contain bugs unpatched vulnerabilities which hackers can exploit.
- Using legacy standards. There have been many revisions to Wi-Fi security; WEP and WPA1 should be avoided in today's networks.
- Using weak passphrases. Weak passwords are vulnerable to cracking techniques; using longer passwords with upper case, lower case, numbers, and special characters will make your network much more secure. We also recommend regularly updating passwords.
- Rogue APs. These are often SOHO routers that have been in my staff to improve the Wi-Fi coverage. This creates a weak point in the network as devices are poorly configured and aren't regularly updated.
- Using EOL products. Products that are end of life will no longer receive updates, meanings they unlikely to get the latest security patches and features.
- Writing the passwords on the wall. This exposes your network to unauthorised access and allows a hacker to decrypt wireless frames because they have access to the password used by others.
- Adding guests to your own network. Guest users should be isolated from your network and should have their own SSID which can be properly secured.
What are WEP, WPA1, WPA2 and WPA3… what do they all mean, and which one should I use? Each of these are the different security options available for WI-Fi Networks.
- WEP and WPA1 are now considered legacy and should no longer be used in today's networks.
- WPA2 is still widely used and can offer good security when deployed with current best practices.
- WPA3 is the new kid on the block. It offers better security than WPA2; however, not all devices support WPA3, so it should be used with caution to ensure backward compatibility for older devices.
- Protect your network with secure IP routers and robust firewalls that only allow approved users access to your data, emails, apps and browsers.
- If you are accessing the network on-the-go, or remotely, ensure that you are using a secure Virtual Private Network (VPN) and/or your Operating System (OS) has a secure software firewall turned on.
- Install anti-virus and anti-malware software – and keep it up to the task with the latest updates. Network managers should install a robust IPD (intrusion protection device).
- Update all apps and operating systems (OS) with the latest security patches as quickly as possible. New risks are constantly cropping up (see our recent news alert on FragAttacks), so you need to close off any gaps in your security as soon as they are identified and a patch is made available.
- Avoid open SSIDs when possible (networks without passwords). When you do have to connect to an open SSID, use a VPN to encrypt traffic.
- Set strong passwords. Passwords should be unique to each app, and complex (12 or more characters with a mix of upper and lower case, numbers and special characters). Change passwords often (every 6 months at least), and never share passwords with other users.
- Enforce Multi-Factor Authentication (MFA) as much as possible.
- Practice safe web browsing habits, including blocking third party cookies, not saving passwords, regularly cleaning search history and use web browsers that fully comply with W3C standards. Avoid visiting websites without HTTP Secure status (displayed as HTTP) as this means their SSL certificate is no longer valid. Often your browser will show a padlock icon at the top to confirm the SSL is active.
- Practice safe email habits. This means keeping a close eye on fishing emails, spam, questionable links. Do not include sensitive or financial information in emails or any attachments. If you need to send these details, do so as an encrypted attachment and send the password separately in a different medium.
- Keep user data separate from applications and back up your data often
- Make sure that you thoroughly wipe any and all data from your devices and hardware (even down to the tiniest of things like external hard drives and USBs) if you are removing them from your network. Simply deleting files is not adequate as hackers can recover them.
- A site survey can identify a rogue access point and a wireless intrusion prevention system can also identify them and even take immediate action.
- The best security option currently available is using 802.1X authentication with EAP-TLS. This uses RADIUS to authenticate your users. Despite the high level of security, this might not be suitable for everyone. Feel free to contact our team and we can recommend what security solution is right for you.
- Yes we can offer a range of services tailored to your network and your requirements. Our highly skilled engineers can identify vulnerabilities in your network, advise on fixing them, and even implement those changes for you.
What is best practice for good cyber-hygiene?
How can I protect against rogue access points?
What is the best WiFi security option?