Small business networks are often especially prone to security issues. Because the network is often implemented on a tight budget, may use older technology, and its users often take risks, it can leave itself open to being hacked. So, how do you prevent such issues?
1. Ensure that your wireless access points (APs) are encrypted. Many site surveys have revealed that 50 percent or more of all wireless networks are open, so anybody seated in a car parked nearby can collect data, including sensitive data. Some people play around with locking down their MAC addresses, but this gets unwieldy, and the better option is to use WPA2 encryption. WPA2 is much better than alternative encryption methods that are easy to break into.
2. Ensure that you hide your Service Set Identifier (SSID) if you have a wireless network. If not, at least try to change its name to something common. When announcing themselves to the world, all wireless routers need to have obscure IDs. Instead of putting in information that makes it easy to identify the owner of the router, or that reveals your business name or location, such as “Veritable Systems, here on the 7th floor”, or a product name such as “TrendyWear”, consider using something innocuous such as “router 1” or “wireless” that won’t reveal anything really important. In my previous apartment, some of my neighbors used apartment numbers for their IDs, thus making it quite easy to identify whose router was there.
3. If your router, whether wireless or wired, uses a Web management interface, consider disabling access from the external network, advises IT and telecom supplier Alternative Networks. Also change the default admin password. It is easy to do both on most routers. You obviously would not like anybody else coming and reading your log files or changing your settings.
4. Ensure that you install antivirus software on all your PCs and, if you are a Windows user, add antispyware protection. This might seem obvious, but it bears restating. While you are at it, check that all your antivirus subscriptions are up to date. I have found this to be quite a common lapse, especially among my neighbors.
5. If you are currently running a Web server on the LAN, be sure to put it on a DMZ. If the router does not have a DMZ, buy a new router. Better still, you can move to a colocation facility where somebody who is more knowledgeable can manage it. While having your own local Web server might sound like a good idea, it is a real security sinkhole. In addition, many cable companies have made it much harder to host your own server from your home network. So, worry no more.
6. Talking about Web servers on the Internet, if you do have one, then you should ensure that you scan for exploits regularly. Many websites can do this, but two of my favorites are Qualys.com and SPIdynamics.com. In addition, you should always keep track of the domain registry and regularly change your passwords. When updating your Web content, avoid using FTP or FrontPage (Microsoft’s Web page creation tool). Rather, find more secure methods that will not send your access passwords in the clear. You should consider visiting OWASP.org to learn about other ways of protecting your website.
7. If your ISP offers this option, use a Virtual Private Network (VPN) for access to your remote Web server or back to your local LAN. There are many VPNs to choose from, ranging from the free OpenVPN.net to the cheap but capable ones from Fortinet and SonicWall that are designed for small business owners.
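
One way to check your own access points against tips 1 and 2, as an added example that is not part of the original article: it parses Wi-Fi scan output (assumed here to come from NetworkManager's `nmcli` in terse mode) and reports APs you own that are unencrypted, use something weaker than WPA2, or carry identifying words in the SSID. The scan lines, BSSIDs and word list are constructed for illustration.

```python
# Constructed sample of `nmcli -t -f BSSID,SSID,SECURITY device wifi list`
# output. Terse mode separates fields with ':' and escapes a literal ':' as '\:'.
SAMPLE_SCAN = r"""
AA\:BB\:CC\:00\:00\:01:Veritable Systems 7th floor:WPA2
AA\:BB\:CC\:00\:00\:02:wireless:
AA\:BB\:CC\:00\:00\:03:router 1:WPA2
AA\:BB\:CC\:00\:00\:04:guest\:lobby:WEP
11\:22\:33\:00\:00\:09:NeighbourNet:
"""

# Assumptions: BSSIDs of the access points you own (constructed values), and
# words that would identify the business or its location in an SSID.
OWN_BSSIDS = {"AA:BB:CC:00:00:0%d" % n for n in range(1, 5)}
IDENTIFYING_WORDS = ("veritable", "trendywear", "floor")

def split_terse(line):
    """Split a terse nmcli line on unescaped ':' and unescape each field."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))  # escaped character is taken literally
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def audit(scan_text, own_bssids=OWN_BSSIDS, words=IDENTIFYING_WORDS):
    """Return (bssid, finding) pairs for our own access points only."""
    findings = []
    for line in scan_text.strip().splitlines():
        fields = split_terse(line)
        if len(fields) != 3 or fields[0].upper() not in own_bssids:
            continue  # malformed line, or an access point we do not manage
        bssid, ssid, security = fields
        protocols = set(security.replace("--", "").split())
        if not protocols:
            findings.append((bssid, "open: no encryption"))
        elif not protocols & {"WPA2", "WPA3"}:  # WPA3 accepted as an addition
            findings.append((bssid, "weak encryption: " + security))
        hits = [w for w in words if w in ssid.lower()]
        if hits:
            findings.append((bssid, "SSID reveals: " + ", ".join(hits)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_SCAN), sep="\n")
```

Replace `SAMPLE_SCAN` with a real scan taken on site and `OWN_BSSIDS` with the hardware addresses printed on your access points.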