You can significantly reduce this risk by making a few im- portant changes to your net- work configuration.
n STEP 1:
Secure Administrator Access
Start by setting a strong password for
administrative access to your wireless
router. Many networks are breached
because the default password was
never changed. You will need to log in
to your router’s configuration website
to reset this password and update the
other security options discussed in
For most wireless routers, you access
this website by entering “192.168.1.1”
or “192.168.0.1” into your browser
address bar. (Make sure you are connected to your network first, either via
an Ethernet cable or Wi-Fi.)
With administrator access locked
down, you should now secure access
to the network itself. Most wireless
routers today support a primary Wi-Fi
network, one or more guest networks,
and wired local network (LAN) ports to
connect directly to the router.
We recommend that you keep your
office devices and staff on the primary
Wi-Fi (your “private” Wi-Fi network) or
LAN, and use a guest network for any
clients or visitors who need internet
n STEP 2:
Enforce Wi-Fi Authentication
Access to all of your Wi-Fi networks
needs to be password-protected. For
small businesses, the predominant
standard is referred to as WPA2-PSK or
WPA2-Personal, or just WPA2. (WPA2-
Enterprise can provide more flexible
authentication options for larger prac-
tices with many users, but requires
additional configuration, which may
require IT services.) With WPA2-PSK, a
shared password is used to access the
network. Use your password manager
to generate a different, strong pass-
word for both your private and guest
From your browser, you will need to
find the wireless settings section of
your router’s configuration. For each
wireless network, you should:
w Set a network name, or SSID.
This is what users will see when
they choose from available wireless networks. Clearly differentiate your private and guest network names.
w Choose “WPA2-PSK” for the network authentication method and
“AES” for the encryption method.
Depending on your router, these
may be grouped together or split
into two separate options, and
they may use different labels like
“WPA2-Personal” or “WPA2”. Do
not use “WEP”, “WPA” (without
the “ 2”), or “TKIP” (without “AES”
included) since these options are
less secure and may be easily
w Enter the password you generated for the network, also known
as the pre-shared key.
n STEP 3:
Limit Guest Access
Your guest network is there to keep
your clients and visitors separate
from your private network — and
out-of-reach of your confidential information. If you’re not careful, however, you may inadvertently allow
your guests much greater access.
When configuring your guest network, you may see an option to allow guests to access your LAN, local
network, or intranet. Make sure you
do not allow LAN access so that your
guests cannot reach office systems
that are wired directly to the router.
n STEP 4:
Keep in mind that wireless routers
can typically be reset to their factory configuration with the push of a
button or a straightened paperclip.
Once reset, the default password
is the only defense between an attacker and your network.
If possible, keep your wireless
router in a locked enclosure or cabinet with the reset mechanism inaccessible.
After completing these steps, you
will have locked down access to
your network configuration and created a secure way to connect your
staff and clients to the network resources they need.
AMY PORTER, CEO AFFINIPAY/LAWPAY
The LawPay Program is a custom payment solution designed for
attorneys. LawPay complies with ABA and state requirements for
managing client funds.
Members of the State Bar of Arizona save up to 20–25% off
standard credit card fees. To learn more, call 866-376-0950 or
go to www.lawpay.com/azbar.
Wi-Fi networks make it easy to connect the systems in your practice,
Fortify Your Network
both to each other and the outside world.
However, they often make it easy for an intruder to gain access to
those same systems and the data therein.
LAW FIRM SECURITY STEP 3: