Free Wi-Fi & Business Network Security

As a small business owner, you know that you must keep both your business’ and your customers’ needs in mind. But how do you maintain your business’ security when the goal is to satisfy your customers?

If your business has regular customer traffic, you may have Wi-Fi needs (i.e. free Wi-Fi network for guests) outside of your internal business operations. Other businesses may solely need Wi-Fi or wired networks for their internal business systems and employees.

How many networks does my business need?

No matter what type of business you run, your security goals remain the same: always keep your sensitive business, customer, client and employee data secure. Utilizing networks within your business properly can help you achieve both your business’ internal needs and keep your customers happy.

Step 1: Know your business’ network needs first

Before you even begin setting up or updating your business’ networks, it’s important you first map out your internal network needs.

  • Does your business handle sensitive customer information like personal or financial data?
  • Are there areas within your business that only certain people should access?
  • Who will be connecting to your networks?
  • What types of devices will be connecting to your networks?
  • Is there a need for a guest Wi-Fi network for your customers and/or visitors?

Businesses like coffee shops, gyms and other places with daily foot traffic may benefit from offering free Wi-Fi for their customers. But keep in mind that adding extra networks you don’t need can increase your risk of misconfiguring them – leaving you even more vulnerable to cyberattacks. These questions can help you figure out what your business network(s) need, and more importantly, what it doesn’t need. Start thinking about the different types of data you collect and who would need access to it.

Networks can be thought of in two ways: different rooms within a house, or different houses within a neighborhood. In a business, you want your networks to act as different houses within a neighborhood. In other words, each network should be configured separately – where access to one [network] does not determine access to another.

– Chris Knoche, EZShield Security Expert

Step 2: Acquire proper technology

Once you’ve solidified your business’ network needs (or what it could be missing), it’s time to shop for the devices that will make your network visions possible.

Devices like business-class routers offer more capabilities to break up, or segment networks that home devices would not typically provide. However, some business owners may opt to use routers that are meant for home use simply because they are easier to use and typically less expensive.

Using business-class network devices can often be more complex because it allows for more customization, segmentation and other additional features. Be sure that you are properly configuring these devices (or that your security/IT team is equipped to configure them) to decrease your chance of a cyberattack via misconfiguration vulnerability.

Step 3: Segment your networks; keep access
“need to know”

Your business should ideally have separate networks allocated for different types of data, devices and uses. Networks can be segmented in different ways depending on the network needs and information gathered. No matter what type of small business, it’s good to know:

  • What information you send, receive and store via wireless or wired business networks
  • Who has access to that information
  • Who does not have access to that information

A good rule of thumb when it comes to implementing multiple networks in your business is to only add what is necessary.

Any business that hosts a website, portal or other channels that bring inbound traffic from the Internet should be on a separate network. If your business offers free Wi-Fi for customers or visitors, be sure it is separate from your internal business networks. The idea is that you want to prevent inbound traffic from public Wi-Fi networks or publicly-hosted sites from accessing your sensitive networks.

Implementing a Bring Your Own Device (BYOD) program for your employees can also help manage device access within your business. Overall, consider segmenting your network access into three main groups:

  • Trusted, business-managed devices
  • Trusted, personal devices
  • Untrusted devices

EZShield IT/Security Tip: If your business uses network appliances, or so-called “Internet of Things” (IoT) devices (i.e. video surveillance systems, VoIP or networked fax machines), we suggest that you add a fourth network group to isolate these devices.

How to: Offer Free Wi-Fi to Your Guests

  • Set up a password-protected Wi-Fi network separate from your other business networks. Provide the password to your patrons, and change the password at least once a month.
  • Require users to agree to an acceptable use policy before connecting to your free Wi-Fi network. Remember, you are accountable for the traffic you generate within your business’ networks, public or not.
  • If you don’t need it, don’t implement it.

Business Security Key Takeaways:

  1. Business networks will differ for each organization depending on the type of data collected and access to that data. Isolate and compartmentalize your networks based on data collected and need for access.
  2. If your business doesn’t need to offer free Wi-Fi, don’t. Knoche states that offering free Wi-Fi is like “sticking a network cable outside of your building for anyone that walks by.” Be sure that it’s properly secured so that access is only granted to those who should have it.
  3. No matter what type of network your business uses, new software vulnerabilities are found every day. Be sure you are keeping your devices patched with the latest versions of software and operating systems.
  4. Keep access to sensitive internal business information on a “need to know” basis. Create different levels of access from the inside out, which can be thought of as a “ring of trust.”
  5. It’s extremely important to properly configure your networks and devices. Be sure that you are using business-class hardware, and that your security team is equipped to configure them. Our team suggests Ubiquiti, Mikrotik, Netgear and Cisco when looking for quality business-class routers and other network devices.

Continue following Fighting Identity Crimes for the latest breach and scam news, as well as ID protection tips for consumers and small business owners offered by our industry experts.