Security Series Part 3: Fortify Your Network

James Sparrow
July 26, 2017

Today, Wi-Fi networks are ubiquitous and crucial. In your accounting practice, they allow you to connect all of your office devices to one another as well as to shared hardware and storage. But an insecure network can serve as a gateway to your practice’s sensitive data for hackers and cyber-criminals. In this post, we’ll share some simple network configuration steps you can take to greatly reduce the risk of your Wi-Fi network being used to breach your systems.

To complete the security steps described below, you’ll need to configure your wireless router’s network settings.

To do this, first make sure you’re connected to your network via Ethernet or Wi-Fi; then access your router’s configuration website. For most routers, you can do this by entering “192.168.1.1” or “192.168.0.1” into your web browser’s address bar, as illustrated in the image below. Log in to begin configuring your settings.

Establish and protect administrator access to your network

Too often, networks are breached because the default password was never changed, or a weak password like “password1” or “welcome” was chosen. Use your password manager to create a strong password for administrative access to your wireless router, and update this password in your router’s settings.

After you’ve secured administrator access to your network, secure access to the network itself. Modern routers typically support multiple network types: a primary Wi-Fi network; guest networks; and wired, local area network (LAN) ports that let you connect directly to your router. For your accounting practice, we advise keeping your staff and internal devices on a primary private Wi-Fi network or LAN. Set up guest networks to allow external clients and visitors to access the internet while in your office.

Configure your Wi-Fi authentication settings

It’s imperative to password-protect all of your Wi-Fi networks. The prevailing standard for small businesses is WPA2-PSK, which your router may also label WPA2-Personal or just WPA2. If you have a larger practice, WPA2-Enterprise offers more authentication options, but you may need your IT administrator to help with configuration. When using WPA2-PSK, create strong passwords for your internal private network and your guest network, and record them in your router’s wireless settings.

For each network:

  • Designate a unique name, or SSID, for the network, clearly indicating whether it’s for internal users or guests. Your users will choose this name from their list of available networks when they connect their devices.
  • Set “WPA2-PSK” as the network authentication method and “AES” as the encryption method. These may be grouped together or divided into two separate options, depending on your router, and they might be labeled “WPA2-Personal” or “WPA2.” Options labeled “WEP,” “WPA” (without the “2”), or “TKIP” (without “AES”) are less secure and can be easily bypassed, so we don’t recommend using them.
  • Enter your pre-shared key, which is the password you created for the network.
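
Once the settings are saved, you can confirm from a laptop what your networks actually advertise. The script below is an added example, not part of the original post: it checks a Wi-Fi scan against the rules in the list above and reports any network that is open or that offers WEP, WPA (without the “2”), or TKIP. It assumes a Linux laptop with NetworkManager and scan output in the colon-separated layout of `nmcli -t -f SSID,SECURITY,WPA-FLAGS,RSN-FLAGS device wifi list`; the network names and the sample scan are constructed for illustration.

```python
# Constructed sample (made-up SSIDs) in the assumed layout of:
#   nmcli -t -f SSID,SECURITY,WPA-FLAGS,RSN-FLAGS device wifi list
# Terse mode separates fields with ':' and escapes a literal ':' as '\:'.
SAMPLE_SCAN = r"""
Practice-Internal:WPA2:(none):pair_ccmp group_ccmp psk
Practice-Guest:WPA1 WPA2:pair_tkip group_tkip psk:pair_tkip pair_ccmp group_tkip psk
Printer\: Front Desk:WEP:(none):(none)
Lobby-Open::(none):(none)
Old-AP:WPA1:pair_tkip group_tkip psk:(none)
"""


def split_terse(line):
    """Split one terse line on unescaped ':' and drop the escaping backslashes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # escaped character, keep it literally
            i += 2
            continue
        if line[i] == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(line[i])
        i += 1
    fields.append("".join(cur))
    return fields


def audit(scan_text):
    """Return {ssid: [problems]}; an empty list means nothing was flagged."""
    findings = {}
    for line in scan_text.strip().splitlines():
        ssid, security, wpa_flags, rsn_flags = split_terse(line)
        protocols = set(security.split()) - {"--"}
        ciphers = set(f"{wpa_flags} {rsn_flags}".split())
        problems = []
        if not protocols:
            problems.append("open network, no password")
        if "WEP" in protocols:
            problems.append("WEP")
        if "WPA1" in protocols:  # nmcli's label for WPA without the "2"
            problems.append("legacy WPA enabled")
        # The post recommends AES as the encryption method, so any TKIP offer is reported.
        if any(c.endswith("_tkip") for c in ciphers):
            problems.append("TKIP cipher offered")
        findings[ssid] = problems
    return findings


if __name__ == "__main__":
    for ssid, problems in audit(SAMPLE_SCAN).items():
        print(f"{ssid}: {', '.join(problems) or 'OK'}")
```

To check your own office, replace the sample with the output of the command named in the first comment, run near your router.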

Make sure guests can’t access internal systems

You’ve created a guest network to allow clients and visitors to your office to gain internet access while keeping them safely separated from your private network and confidential business data. To make sure guests can’t access confidential practice information, when you’re configuring your guest network, be on the lookout for any option that allows guests to access your LAN, local network, or intranet. Make sure this option is not selected, or you could inadvertently grant guests access to internal systems that are wired directly to your router.

Protect your hardware from unauthorized access

The work of configuring your network is done, but what if someone were to gain access to the physical router onsite at your office? Routers can usually be reset to their factory settings with just the push of a button. After a factory reset, your network will revert to its default password, which can be easily guessed by an intruder. If you can, keep your wireless router in a secure location, like a locked cabinet, with the reset button out of reach.

By following these steps, you’ll successfully secure your practice’s wireless networks, allowing safe access for staff and visitors, and protecting your valuable data from breaches. In our next post, we’ll explore ways to protect the various office systems that connect to your network.

To learn more about improving security in your firm, download our latest e-book, “Building a Secure Practice: A guide for CPAs,” which offers step-by-step instructions for implementing security best practices.