Whether you’re making technology improvements to get an edge over the competition or just adding an online CRM service or collaboration tool to boost productivity, the unpleasant side effect is that these changes can leave you vulnerable to cyberattacks. A single network security breach can have a devastating impact on your business, resulting in financial losses that could damage your reputation, credit score, or customer confidence.
These breaches take place regularly and wreak havoc on companies of all sizes, and no one is too small or too big a target. Unfortunately, limited budget and IT resources, along with competing priorities, can make an enterprise-grade security solution unlikely for most midsized businesses. You’ll need to look for options that start with a smart, secure network platform that includes all the basic features needed to protect your organization, without adding costly hardware or licensing.
Here’s my list of what to look for when evaluating your next network purchase and why.
Wi-Fi certified enhanced authentication security. To protect your users, Wi-Fi Protected Access (WPA) provides sophisticated data encryption and user authentication. Many access points on the market support the WPA2 standard as their primary authentication and encryption mechanism for wireless connections. However, security vulnerabilities have recently been uncovered in WPA2 that expose networks and clients to potential password phishing attacks.
We’re seeing lots of dictionary attacks on WPA/WPA2 networks, where brute force methods are used to systematically try to break into a password-protected network. The latest and greatest WPA3 standard can help guard against these common attacks and more.
You also want to make sure that Wi-Fi Enhanced Open™ with Opportunistic Wireless Encryption (OWE) is supported. This offers protection for environments like coffee shops, airports, hotels, and sports arenas, where guests would access the Internet. In these environments, Wi-Fi Enhanced Open™ improves data privacy while maintaining convenience and ease-of-use. It also protects against passive eavesdropping without requiring a password or extra steps to join the network.
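As a way to check existing SSIDs against the WPA3 and Enhanced Open points above, here is an added example (not from the original article or any vendor) that audits access point settings. It assumes settings written with hostapd configuration keys (wpa, wpa_key_mgmt, ieee80211w), since the article names no product; the sample configurations are constructed.

```python
# Added example: audit hostapd-style SSID settings for WPA3 / Enhanced Open use.
SAMPLES = {  # constructed configs, not taken from any real deployment
    "guest-open": "ssid=Lobby\nwpa=0\n",
    "guest-owe": "ssid=Lobby\nwpa=2\nwpa_key_mgmt=OWE\nieee80211w=2\n",
    "staff-wpa2": "ssid=Staff\nwpa=2\nwpa_key_mgmt=WPA-PSK\n",
    "staff-mixed": "ssid=Staff\nwpa=2\nwpa_key_mgmt=WPA-PSK SAE\nieee80211w=1\n",
    "staff-wpa3": "ssid=Staff\nwpa=2\nwpa_key_mgmt=SAE\nieee80211w=1\n",
}

def parse(conf_text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf_text):
    """Return (mode, findings) for one SSID configuration."""
    conf = parse(conf_text)
    # hostapd falls back to WPA-PSK when wpa is enabled and no key mgmt is set
    akms = set(conf.get("wpa_key_mgmt", "WPA-PSK").split())
    pmf = conf.get("ieee80211w", "0")  # 0 = off, 1 = optional, 2 = required
    findings = []
    if conf.get("wpa", "0") == "0":
        mode = "open"
        findings.append("unencrypted: enable Enhanced Open (wpa_key_mgmt=OWE)")
    elif akms == {"OWE"}:
        mode = "enhanced-open"
    elif akms == {"SAE"}:
        mode = "wpa3-personal"
    elif {"SAE", "WPA-PSK"} <= akms:
        mode = "wpa3-transition"
        findings.append("WPA2-PSK still accepted: passphrase stays guessable offline")
    elif "WPA-PSK" in akms:
        mode = "wpa2-personal"
        findings.append("WPA2-PSK only: move to SAE to resist dictionary attacks")
    else:
        mode = "other"  # e.g. 802.1X; outside the scope of this sketch
    if mode in ("enhanced-open", "wpa3-personal") and pmf != "2":
        findings.append("set ieee80211w=2: WPA3 and OWE require protected management frames")
    return mode, findings

def report(samples=SAMPLES):
    """Audit every sample and return {name: (mode, findings)}."""
    return {name: audit(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, (mode, findings) in report().items():
        print(f"{name:12} {mode:16} {'; '.join(findings) or 'ok'}")
```

The transition-mode entry is flagged because an SSID that still accepts WPA2-PSK keeps the weaker handshake available to any client that asks for it.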
Robust identity-based access control features. To ensure users only get access to the appropriate areas of the network, your network should have strong, flexible user identity verification features, including multiple types of sign-in credentials and two-factor authentication. This ensures a user must provide two types of identification such as a password or PIN and a security token or ID card. Group-based policy enforcement for network access and role-based system administration are two additional features that make sure appropriate privileges are applied.
Multi-tiered policy enforcement. While firewalls have been protecting networks for decades, they aren’t all built the same. The problem with traditional firewalls that leverage IP-based VLANs is that they only become active after a user or device is admitted to the network. They do not help during the connection of devices. This gap can lead to advanced attacks.
Today, a network solution with a built-in firewall covers this vulnerability by using identity, traffic attributes, and other security context to centrally control access privileges at the time of initial connection. The ability to enforce application-layer security, prioritization, traffic forwarding, and network performance policies will significantly raise your security posture. You’ll also want a firewall that uses deep packet inspection to classify thousands of applications to improve the performance of business-critical and latency-sensitive applications that use voice and video. The ability to integrate with advanced security solutions to further elevate the security posture of your network and devices is also a must.
WIPS with true 24×7 security monitoring on both bands. The primary purpose of wireless intrusion prevention security (WIPS) is to prevent unauthorized wireless devices from accessing local area networks and other assets. WIPS makes sure that a rogue access point, possibly brought in by an employee, doesn’t expose your network. WIPS also identifies and mitigates potential attacks on client devices and infrastructure by blocking unauthorized access on your WLAN.
For peace of mind, you will want around-the-clock protection on both the 2.4 GHz and 5 GHz Wi-Fi bands. For some, dedicating a third radio on an AP for security may seem like a good solution. However, that approach would leave you vulnerable 50% of the time on each band, and anomalies would take much longer to find, increasing your risk of compromise. Dedicating a dual-radio access point to full-time scanning on both bands will solve this issue and make your network more secure.
Web content filtering. Network admins have relied on web content filtering to prevent users from accessing unauthorized content and sites. Today, WLAN solutions should include the ability to filter, classify, and enforce policies based on web URLs and IP addresses.
However, keeping up with the seemingly endless list of internet sites popping up every day is a formidable task unless you leverage a database that is constantly maintained by web content experts. The network you choose should integrate with a comprehensive web content filtering service that can be easily added without requiring additional network hardware.
Integration with advanced security solutions. Here’s one more tip. To stage your network expansion, find a network provider that offers advanced security offerings that meet the growing needs of your business, now and in the future. The solution should also integrate easily with third-party solutions to save you from dealing with features that don’t work together. This will also keep you from wrangling multiple vendors for support and addressing compatibility issues. No one needs those frustrations.
While these are just a few tips, I believe that they are must-haves. Knowing what to look for will help ensure that your network and your users stay secure and protected.