How to Maximize WPA2 Wi-Fi Security for Business Networks
What would happen if hackers got into your business network? How well protected are you against attacks, spies, thefts? Without a robust strategy for your WiFi security options, backed up by the best technology and protocols, your business could be extremely vulnerable – and as recent developments with WPA2 show, you can never be too careful.
Many Wi-Fi routers have security vulnerabilities. In fact, Tripwire found that 80% of the best-selling office routers on Amazon have known security problems, even before installation. Some of these problems include easy-to-hack default passwords, or no SSL security enabled.
In this article, we’ll explain which security protocols you need to protect your business’ WiFi and what additional steps you should take to maximize your security.
What is WPA and WPA2 Security?
WPA and WPA2 are security protocols used by your WiFi router. They each come with different levels of security.
What Is WPA?
Introduced in 2003, the WPA protocol replaced its predecessor, WEP. It added TKIP for extra security, to make up for the fact that it used the RC4 stream cipher, which is known to be insecure. It was a big step forward at the time but still left a lot to be desired – so much so, in fact, that WPA2 came out within a year to replace it yet again.
What Is WPA2?
This went further than the new security measures of WPA, introducing a new AES standard to replace the dodgy RC4 cipher. TKIP was also replaced with CCMP to boost safety. This was a big breakthrough for security protocols – Microsoft immediately started encouraging users to scrap RC4 and even took it out of Windows entirely in 2013.
A lot of people thought WPA2 was unhackable – and it certainly had a good run. It was pretty shocking, then, when a WPA2 vulnerability came out of the woodwork recently.
An internet security researcher in Belgium discovered that it was possible to install a key that encrypts network communications and allows cybercriminals to get into your data, potentially stealing passwords, credit card info and other kinds of sensitive information that would spell disaster for your business.
Not only that, they would be able to take control of your network and plant malware – including the dreaded ransomware, which locks up important files and threatens to delete them unless you pay.
What Makes WPA2 Great for Business Networks?
This is obviously very worrying, even more so since no one’s managed to find a fix yet. At the same time, WPA2 is still the very best security protocol for businesses – and there are steps you can take to steel yourself against attacks, as we’ll discuss in a moment.
The encryption key vulnerability that’s been found in WPA2 is serious, but it’s also extremely difficult to exploit. It’s not as if every keyboard warrior with some coding under their belt will be able to tap into your business armed with this weapon. They’d need to be very, very good at it.
That’s not the case if you’re using a very old protocol like WEP, which is spectacularly easy for hackers to break. Or worse, if you have a completely unsecured network, in which case anyone can watch what you’re doing, tap into the network and take whatever they want. WPA is harder to break, but it’s not going to cut it if someone’s really determined.
Big organizations tend to take this stuff seriously; they’ll have dedicated IT departments with their fingers on the pulse of internet security and will know exactly which security protocols they use, and why. For small businesses, this is the kind of thing that gets forgotten about – or that no one really understands.
That’s exactly why small businesses are such soft targets for hackers. Don’t let that be you. Take this stuff seriously, because it is serious!
How To Maximize Your WPA2 WiFi Security Options
Choose the Right Encryption
As we’ve seen, not all security protocols are created equal, and within WPA2 there is some important variation.
I mentioned above that one of the ways WPA2 improved on WPA was by replacing the more hackable TKIP encryption with AES. I won’t go into why that’s important here, but suffice to say, no one should take the risk of using TKIP anymore.
WPA2 devices typically default to AES (as they should) but because some older systems were only set up to work with TKIP, you sometimes still see this as an option. If you’re given the choice, make sure yours is set up for WPA2-PSK (AES).
Set Strong Passwords
No amount of encryption can help you if you’ve set yourself an easy-to-crack WiFi password! Choose something that’s hard to guess and change it regularly. If you let customers use your WiFi, make sure you use different networks for this public WiFi and for the one you use to store and access any sensitive data at work.
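As an added example (not part of the original article), the Python below audits an access point configuration for the two points above: WPA2 with AES (CCMP) only, and a hard-to-guess passphrase. The use of hostapd's configuration file format, the 16-character minimum and both sample configurations are assumptions made for illustration.

```python
# Added example: audit a hostapd-style AP config for the weak settings discussed above.
# Both sample configs are constructed for illustration, not taken from a real device.
WEAK_CONF = """\
ssid=office
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
wpa_passphrase=office123
"""
GOOD_CONF = """\
ssid=office
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=Vj7-tundra-quill-Mosaic-92
"""

def parse_conf(text):
    """Return key/value settings, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(text, min_len=16):  # min_len is an assumed policy, not a standard
    s = parse_conf(text)
    wpa = int(s.get("wpa", "0"))  # hostapd bit field: 1 = WPA, 2 = WPA2
    if wpa == 0:
        return ["no-wpa"]  # open or WEP-only network
    findings = []
    if wpa & 1:
        findings.append("wpa1-enabled")  # original WPA still offered
    ciphers = set((s.get("wpa_pairwise", "") + " " + s.get("rsn_pairwise", "")).split())
    if "TKIP" in ciphers:
        findings.append("tkip-enabled")
    elif "CCMP" not in ciphers:
        findings.append("cipher-not-pinned")  # do not rely on defaults
    phrase, ssid = s.get("wpa_passphrase", ""), s.get("ssid", "")
    if len(phrase) < min_len or (ssid and ssid.lower() in phrase.lower()):
        findings.append("weak-passphrase")
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK_CONF))
    print("good:", audit(GOOD_CONF))
```

An empty list means the configuration offers only WPA2 with CCMP and a passphrase that meets the assumed policy.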
Use Robust AntiVirus Software
Most importantly, back up your WPA2 encryption with powerful AV technology. Choose one that provides an excellent firewall, stopping anything from being sent across the network without your permission. The best AV software will quarantine malware, help you keep your system clean and notify you of anything suspicious in real time. We’ll give you some recommendations in the next section.
Use a VPN
VPNs give you an extra layer of protection and security when you’re worried your WiFi connection could be at risk. Because a VPN anonymizes your browsing, hackers on the same WiFi network can’t spy on what you’re doing or get into your network this way. If you are at all concerned about others using your network, or if you need to share the password with people you don’t trust implicitly, VPNs provide excellent peace of mind. Even better, many AV systems include them as a feature.
Best AntiVirus Software for WPA2 Security
The following four AV platforms go well beyond basic internet security, providing features that support your WPA2 encryption.
McAfee has come a long way in the past few years. While it’s been one of the best-known brands for decades, it had fallen behind a lot of competitors for a little while there – but in 2019 it made some major improvements. Much of this has been to its general antivirus and malware detection features, but there are others of specific interest to people worried about a WPA2-related hack.
Let’s start with the powerful Ransom Guard feature. If it detects ransomware at work trying to encrypt files, it immediately starts copying the files that are under attack. Only once it’s got rid of the threat does the program start putting back the original contents of the files.
Already fallen victim to a ransomware attack? All is not lost. With the help of its No More Ransom resource, McAfee will help you to track down a key to remove over 70 known types of ransomware, including the dreaded Cry123 and Amnesia.
There’s also a file lock feature to help you get extra protection for sensitive files.
A bunch of other features will help you improve the performance of your work devices. The PC Boost system-optimization package, for example, helps you move around system resources to stop background videos from playing and support the most important applications. You can also shred sensitive files so that hackers can’t bring them back from the dead (it happens) and make sure you always have the most up-to-date software.
Note that McAfee can only be rolled out on a maximum of five devices though, even if you’re opting for the most complete internet security packages. If you’re running a small business and need more devices than that to be covered by one license, it might not be the perfect fit.
Importantly, there’s also a robust, two-way firewall that checks all data as it tries to leave the system as well as vetting data entering the system, giving you extra protection against cyber attacks.
When it comes to the basics of malware detection, quarantines, and virus removal, BitDefender is a highly reliable option. It routinely scores high in malware detection tests and its automated network threat prevention system fights round-the-clock to stave off any botnet attacks or brute-force entry attempts.
This is good news on its own. However, Bitdefender also goes well beyond this, offering a number of additional layers of protection, encryption, and anonymity to bolster the security provided by WPA2.
Among the most important new developments of BitDefender’s Total Security package is its VPN – something we talked about above as being a highly valuable addition to your internet security, especially if you’re worried about potential WPA2 weaknesses.
BitDefender also comes with a built-in firewall and the ability to add extra safety layers to sensitive files. Plus, there’s a Ransomware remediation tool to help you fight back against hackers that try to take your valuable data hostage.
There’s also the unique Autopilot feature, which acts like a personal assistant, automating recommendations for actions you should take to improve security and performance.
Providing comprehensive AV, privacy protection and software for tuning up performance, AVG Ultimate is a great option if you’re worried about filling in some of the security gaps left by the WPA2 vulnerability.
What’s more, it supports an unlimited number of devices with a single license, so it’s perfect for small businesses that need to support a team on a budget. Bear in mind though that one of the few downsides of AVG is that it doesn’t yet support iOS or Linux operating systems – but if your team sticks to PCs, Macs and Android devices, you’re totally covered.
Another way that AVG stretches your investment for small businesses is through its tune-up tools, which can help boost system performance, particularly if you’re using older PCs, as well as helping you make all your devices better able to resist an attack.
There are also flexible storage zones to help you add an extra layer of security for sensitive files stored on your local system. These are called Data Safes and are protected by powerful AES-256 encryption, preventing hackers from getting near your valuable data.
The Zen dashboard also gives you a centralized way to monitor all the devices connected to the antivirus and check on their performance and level of protection.
One of the most exciting features for those concerned about hackers is the sophisticated ransomware protection included in this package. Other top tools in the Internet Security package include private data protection, payment protection, security ratings for websites and Secure DNS to help protect you against malicious redirects. Note that some of these features can take their toll on your browsing speed, though.
Plus, there’s a robust firewall, used to hide system ports from anyone outside your network. Again, this makes you much better protected against attack.
Avast is another excellent vendor to consider if you’re keen to go beyond the basics of antivirus and really support your WPA2 WiFi Security.
While many lay users find its comprehensive suite of security tools to be overkill for what they need, it’s just the ticket if you have sensitive data to protect and are serious about keeping it safe. That makes it particularly interesting to a lot of small businesses, too.
To start with the basic stuff, Avast’s malware detection is excellent and, in particular, it provides formidable protection against zero-day attacks – meaning the kind that have just come out of nowhere, so that the system hasn’t been told to look out for them.
There is also a decent array of features to help you quarantine suspicious-seeming applications or pages. This works using sandboxing, where a virtualization environment sections off anything that seems worrying until it can figure out if it’s safe. That prevents these pages, programs or applications from talking to each other or spreading malware into other parts of your system.
Best of all, the SecureLine VPN features are convenient, easy to use and provide much-needed extra protection. You can choose whether to stay on this private VPN connection or switch to public browsing at any time and there are handy prompts to help you decide.
In fact, the quality of the VPN and the way it’s built seamlessly into the AV software to prevent friction is a big draw. A lot of people and companies get bogged down in trying to stop their AV from blocking VPN connections when the two are separate. Note that while you don’t have to set up the VPN separately, you will be billed separately for the subscription service.
The top-of-the-range versions of Avast’s software also come with Ransomware protection and a handy firewall which is set up to automatically allow VPN connections.
There are a couple of niggles to think about, though. The interface can be a little confusing to use, what with all those features to navigate through – useful as they are. You need to use Google Chrome for many security features, which some people find limiting.
Most significantly, you have to pay extra for technical support. While this is far from ideal, Avast’s strengths mean that you may well decide it’s worth the extra expenditure.
Is That Device Up to Scratch?
It’s important to remember that it’s not just your security protocol that can open you up to problems. A study in 2014, long after WPA2 became standard, found that 4 in 5 top-selling office routers on Amazon had serious security issues, like easy-to-hack default passwords (which a lot of people never get around to changing) or a lack of SSL security.
What’s more, it’s no longer just your router, your team’s laptops, a handful of smartphones and the office printer you need to worry about. The rise of smart devices connected through the Internet of Things means that pretty much everything in your office runs through your WiFi these days, from your vending machines to your lighting systems, virtual assistants and CCTV camera systems.
It doesn’t matter how much effort you put into bolting and reinforcing the door through WPA2 security on your router: if these other devices aren’t all encrypted – which they rarely are – you’re essentially leaving a window wide open the whole time.
Whatever approach you take to improving your security, remember that keeping your business protected is all about staying vigilant. New hacks, bugs, and malware are being invented all the time and it only takes one successful breach to send your business into chaos.
Keep an eye on developments in the sector, always make sure you’re using the latest and best security encryptions and make the most of all the security features your antivirus software has to offer – and, if in doubt, you can find out more about the best antivirus software here.
I trust the only name I know there, Norton!
You know that some of us aren’t computer experts. What is RC4, TKIP, R2D2, NAACP and all these other acronyms you’re throwing out there? KISS with the facts, ma’am.
Hi, and thanks for bringing the issue up with us! We try to make our articles as accessible as possible, but we know sometimes it’s difficult because of all the terminology related to the field (which is admittedly complex). We’ll keep an eye out in the future, and make sure to try to explain, or at least spell out, what each acronym means. To more specifically answer your question, RC4 (Rivest Cipher 4) is a specific function used in modern encryption systems; TKIP (Temporal Key Integrity Protocol) is a security protocol used to cover a transition between hardware and software systems, but which is no longer considered safe. R2D2 stands for 2nd generation Robotic Droid Series-2 (or Reel 2, Dialogue 2, depending on who you ask), while the NAACP is the National Association for the Advancement of Colored Peoples. We’ll try harder to include definitions in our articles to make sure everyone understands them. Again, thanks for bringing it up!