How to Maximize WPA2 Wi-Fi Security for Business Networks
The recent WPA2 hack by KRACK proved that even when we think our Wi-Fi is safe, that really might not be the case.
We all know that business Wi-Fi needs to be fail-safe. How are you going to ensure that your network is bullet-proof?
Wi-Fi security is an absolute essential for any business. And more networks than you think are insecure. Hackers have ingenious ways of gaining access to your system, but if your security isn’t up to scratch, they won’t need to use them.
One way which attackers can strike is by what’s called Wardriving. Here, they physically drive within proximity to your Wi-Fi and hope to find an unsecured network. Small businesses often have lower security standards, so they usually strike it lucky pretty quickly. In one case, hackers found a business which had encryption that was outdated, and they used their opportunity to take payroll data and credit card information. In one study, almost 30% of businesses had no encryption at all or were using WEP, which is easily broken. 52% were using WPA, which is not recommended by security professionals.
Many Wi-Fi routers have security vulnerabilities. In fact, Tripwire found that 80% of the best-selling office routers on Amazon have known security problems, even before installation. Some of these problems include easy to hack default passwords, or no SSL security enabled.
More recently, there is also the risk which comes from the IoT. The Internet of Things covers all connected devices, which includes smartphones and tablets, but also smart lighting, modern CCTV cameras, Amazon Alexa or other virtual assistants and basically anything connected to the web. Everything is becoming more connected, and just as these systems can be used to send data, they can also receive malicious traffic. 70% of IoT devices do not use encryption, so in many ways, you’re a sitting duck.
WPA2 Wi-Fi: It was Supposed to Be Safe
There are multiple security protocols which wireless routers use to keep your business safe, and they come with different levels of security. The most common are WPA and WPA2.
WPA was developed in 2003, to replace the old protocol WEP. It uses the known insecure RC4 stream cipher but updated with TKIP for extra security. It was a lot better than WEP, but it was quickly replaced in 2004 for the safer, WPA2. Unlike WPA it replaced the RC4 cipher with the new AES standard, and also replaced TKIP with CCMP. Microsoft urged all of their users to disable the RC4 protocol entirely, removing it from Windows in 2013.
The ‘Titanic’ of Wi-Fi protocols, recent news about a WPA2 vulnerability has shocked the security community. While they thought it could never sink, it appears it isn’t unhackable after all. Researcher Mathy Vanhoef from Belgium has found a way to install a new and dangerous “key” which can encrypt communications on the network and allow attackers access to your data. From passwords to credit card and identity information, nothing is safe. And if hackers do gain control of your network, they can inject malware, too. While the professor says the attack is not easy to do, he anticipates tools being built soon which could become part of the criminal Ransomware-as-a-service infrastructure.
As of now, while Google, Microsoft, and Apple are scrambling for a solution, there is no patch for this problem.
Best Antivirus for WPA2 Wi-Fi Protection
While this sounds like dire news, there are some things that you can do to keep yourself safer from attack. An antivirus solution can offer some peace of mind, by providing a strong firewall, so that nothing can be sent out over your network without your permission. Some antivirus also comes with a VPN, which while the Wi-Fi is compromised, may be a smart way to browse. Of course, the top antivirus solutions will also notice anything unusual in real time, quarantining any malware and keeping your system clean.
TotalAV comes with a VPN, so offers a safe way to browse while the WPA2 vulnerability is happening, plus has new and improved ransomware protection, getting ahead of any Ransomware-as-a-service attacks which might occur due to this breach. They also have advanced two-way firewall protection, which should stop unwanted traffic in your network. All of this costs just $19.95 and comes with a 30-day money back guarantee.
The Norton antivirus solution is $54.99 for an annual subscription, and their website offers specific protection from the KRACKs vulnerability with their VPN. They also currently protect every single one of the Fortune 500, so you can bet they’re a great choice for business. The VPN does not come as part of Norton Security, but the price for both for 5 devices is $79.98 for the year, which still makes them a competitive choice.
If you’re worried about WPA2 breaches thanks to the connected nature of the IoT, ScanGuard might be the right choice for your business. They cover a broad range of platforms, from Windows and Mac to iPhone, Android, Amazon, and Chrome OS. Their enhanced firewall is coming soon, and they already feature a VPN which will help you hide your IP for the time being. It’s $49 for the year, with a 30-day money back guarantee.
Panda has a firewall which it sells as blocking any unauthorized access to your computer. It also has specific Wi-Fi protection, which stops anyone accessing your network who you don’t want there. They are also known for excellent anti-malware tools, stopping trojans, DDoS attacks, and ransomware in their tracks. The complete protection costs $52.49 for three devices to have an annual subscription. There is, of course, a 30-day money back guarantee.
#5 PC Protect
PC Protect does have a VPN included in their antivirus solution, which has been recommended while the WPA2 vulnerability is still at large. They don’t offer a firewall over and above the Windows one, which is not the strongest out there by any means. The price is also $49 annually, with a 30-day guarantee if you have any buyer’s remorse.
The Bullguard Home Network Scanner is its most powerful tool against the WPA2 vulnerability. Every channel on your network is scanned in real-time, 24/7. This includes any connected devices, from virtual assistants to baby monitors. When a new device joins the crowd, a deep scan is immediately started. They have a strong firewall to keep intruders at bay, even while apps are downloading. Choose premium protection for $29.98 per year, and you’ll get Identity Protection too, putting your mind at rest until a patch arrives for the WPA2 exploit.
How to Secure Your WPA2 Wi-Fi for Business Networks at the Office?
As well as these great antivirus solutions, there are some other things you can do to stay protected on your business Wi-Fi. Turn down your broadcast power if you’ve noticed it spreads further than your office, especially in buildings that you share with others. Make sure to turn off WPS, as well as potentially disabling DHCP if that works for your business. Go to your router settings sporadically (around once per month should do it) and update your firmware. Hopefully, this WPA2 patch will arrive sooner than the attacks the vulnerability is likely to attract.