Increasing risk potential
Today, it is generally assumed that a WLAN will run for five years. Therefore, it should meet the technical requirements and cover the business needs for this period. However, one of the most important factors is security. This is all the more true when, as in hotels, airports or shopping centers, guests and visitors also have access to the network.
With the steadily growing number of end devices that access networks wirelessly, the number of possible gateways for cyberattacks is also increasing. A corporate WLAN is a welcome weak point in the IT infrastructure for potential attackers. If no efficient security measures are taken here, immense damage can result. These include the loss of confidential company and customer data (which often leads to a loss of image), economic and industrial espionage, service interruptions and, last but not least, a violation of legal requirements.
Risk potential for employees
The first source of danger is your own employees. On the one hand, the number of mobile devices used, such as smartphones, tablets and notebooks, is growing – for example through field work or working from homethe end. On the other hand, there is an increased risk from private devices that are based on the motto “Bring Your Own Device” ( ) can be used within the company network. These private end devices are usually difficult or impossible to control by administrators, but they can access sensitive data with the access data of the respective employee.
Potential risk to guests and visitors
Companies that also make their WLAN available to guests and visitors open up a second source of danger. It can quickly happen that a visitor logs in with an infected mobile device. This problem can be solved by providing a separate subnet for guests and activating client isolation on the router. This ensures that external users can only connect to the router. You will not be given access to open ports or devices from other guests.
Holistic approach to corporate WiFi
WLAN solutions for companies should follow a holistic approach that includes every component in the network and at the endpoint, but also the access points. This enables administrators to monitor the data traffic of both internal and external devices. Automatisms can ensure that irregular or harmful behavior is recognized and eliminated, e.g. an infected tablet is isolated from the network.
The factory settings of newly purchased and freshly installed routers and access points often do not offer sufficient security. Encryption should therefore be activated in order to prevent unauthorized persons from accessing the company network. It must be ensured that the type of encryption is up-to-date. So-called WEP encryption (Wired Equivalent Privacy), which hackers can easily overcome today, still runs on older routers.
The most secure solution for companies is currently the enterprise mode of WPA2. It is a bit complicated to set up and requires a server, but it is fairly secure. Every WLAN user receives their own username and password for their network access. A universal security key does not exist in Enterprise mode. One advantage of this process is: If a device is lost or an employee leaves the company, only a password has to be changed on the server.
Use service providers
Reliable and secure WLAN solutions have meanwhile also become essential for small and medium-sized enterprises (SMEs). For them, it usually makes more sense to commission an external service provider who offers a complete WLAN service than to deal with the topic themselves. Because they often do not have the financial and human resources to manage their WLAN intelligently and operate it securely. A professional WLAN service provider not only provides the complete infrastructure, but also provides support during the planning phase, takes care of WLAN management, regular updates and provides a hotline for questions and problems.