You can significantly reduce this risk by making a few im- portant changes to your net- work configuration.

n STEP 1: Secure Administrator Access

Start by setting a strong password for administrative access to your wireless router. Many networks are breached because the default password was never changed. You will need to log in to your router’s configuration website to reset this password and update the other security options discussed in this tip.

For most wireless routers, you access this website by entering “192.168.1.1” or “192.168.0.1” into your browser address bar. (Make sure you are connected to your network first, either via an Ethernet cable or Wi-Fi.)

With administrator access locked down, you should now secure access to the network itself. Most wireless routers today support a primary Wi-Fi network, one or more guest networks, and wired local network (LAN) ports to connect directly to the router.

We recommend that you keep your office devices and staff on the primary Wi-Fi (your “private” Wi-Fi network) or LAN, and use a guest network for any clients or visitors who need internet access.

n STEP 2:

Enforce Wi-Fi Authentication

Access to all of your Wi-Fi networks
needs to be password-protected. For
small businesses, the predominant
standard is referred to as WPA2-PSK or
WPA2-Personal, or just WPA2. (WPA2-
Enterprise can provide more flexible
authentication options for larger prac-
tices with many users, but requires
additional configuration, which may
require IT services.) With WPA2-PSK, a
shared password is used to access the
network. Use your password manager
to generate a different, strong pass-
word for both your private and guest
Wi-Fi networks.
From your browser, you will need to
find the wireless settings section of
your router’s configuration. For each
wireless network, you should:

w Set a network name, or SSID. This is what users will see when they choose from available wireless networks. Clearly differentiate your private and guest network names.

w Choose “WPA2-PSK” for the network authentication method and “AES” for the encryption method. Depending on your router, these may be grouped together or split into two separate options, and they may use different labels like “WPA2-Personal” or “WPA2”. Do not use “WEP”, “WPA” (without the “ 2”), or “TKIP” (without “AES” included) since these options are less secure and may be easily circumvented.

w Enter the password you generated for the network, also known as the pre-shared key.

n STEP 3:

Limit Guest Access

Your guest network is there to keep your clients and visitors separate from your private network — and out-of-reach of your confidential information. If you’re not careful, however, you may inadvertently allow your guests much greater access.

When configuring your guest network, you may see an option to allow guests to access your LAN, local network, or intranet. Make sure you do not allow LAN access so that your guests cannot reach office systems that are wired directly to the router.

n STEP 4:

Physical Security

Keep in mind that wireless routers can typically be reset to their factory configuration with the push of a button or a straightened paperclip. Once reset, the default password is the only defense between an attacker and your network.

If possible, keep your wireless router in a locked enclosure or cabinet with the reset mechanism inaccessible.

n SUMMARY

After completing these steps, you will have locked down access to your network configuration and created a secure way to connect your staff and clients to the network resources they need.

AMY PORTER, CEO AFFINIPAY/LAWPAY

The LawPay Program is a custom payment solution designed for attorneys. LawPay complies with ABA and state requirements for managing client funds.

Members of the State Bar of Arizona save up to 20–25% off standard credit card fees. To learn more, call 866-376-0950 or go to www.lawpay.com/azbar.