Networks empower businesses to share resources, access the internet, use cloud applications and so much more. When they work right, they are invisible and rarely thought about. When they go wrong, everything comes to a grinding halt. When Windows 10 tells you your WiFi network isn’t secure, is it anything to worry about?
If you’re seeing this message, chances are you upgraded your business to the new Windows 10 May Update. This included a new message warning users about the perils of using WEP and TKIP encryption on their wireless networks. All computer users should pay attention to that warning but businesses even more so.
The computer support team here at New Jersey Computer Help have already seen this message a couple of times from clients. It is nothing to worry about but you will need to do something about it.
Every wireless network needs to be encrypted to protect your data. Encryption requires a login to access the network and contributed to keeping your business data secure. As encryption methods develop, older methods become obsolete. Two obsolete methods are WEP and TKIP. Both are now regarded as too weak to adequately protect wireless networks from attack.
The action you need to take is to improve that encryption. I’ll show you how to do that in a minute.
TKIP vs AES
When you first set up your business network, chances are you had to choose between WPA2-AES and WPA2-TKIP. If you chose the latter, this is why you’re seeing the message.
TKIP, Temporal Key Integrity Protocol, is an older encryption method like WEP that is no longer regarded as strong enough to protect networks. As attack vectors have become more sophisticated, older ways of protecting those networks have fallen behind. Newer security methods have been released in WPA2 which replaces WPA and AES which replaces TKIP.
I know these may be confusing. All you really need to know is that TKIP is old, AES s new.
AES is a global encryption standard used by governments, commercial encryption products and security software. It is as strong as it gets right now and improves on the 64-bit encryption by upping it to 256-bit encryption. This essentially means that a hacker would need to try 2256 different combinations to break it. In other words, they would need a supercomputer and a whole lot of time.
Along with a strong WiFi password, 256-bit encryption will stop all but the most determined hacker from accessing your network. Nothing is completely secure but only the most highly skilled hackers can break AES. As long as the password or passphrase is strong enough, you should be fine.
Upgrading your wireless encryption
If you have a newer or recent router, a simple configuration change can both get rid of the message and improve the security of your network. You can do it yourself or New Jersey Computer Help can come visit and do it for you as part of a full network audit.
Doing it yourself is very straightforward. All you need to do is log into your main router and change the WiFi encryption method from WPA2-TKIP to WPA2-AES. If you don’t see AES mentioned specifically, look for mixed mode as this should have it included. If you cannot see either AES or mixed mode, you may have an older router and could do with an upgrade.
It’s difficult to describe exactly how to change the encryption method as different router manufacturers use different naming conventions for their configuration options. It would usually be found under Wireless, WiFi or Security menu options.
While you’re in your router, check your wireless password. Make sure it is strong, not a dictionary word and would be as difficult as possible for an outsider to guess. I tend to suggest a passphrase rather than a word like a movie title with some letters swapped with numbers or the first line of your favorite song or poem. Easy to remember but difficult for someone else to guess.
If you keep using TKIP encryption, your business network is vulnerable to attack. Many insurers will not cover you if you are breached and you could be held liable for any data lost during that breach. Plus, your network is for your use and should stay that way.
Wireless encryption is only one part of small business network security. You also need a router that provides NAT, Network Address Translation, a hardware firewall either contained within the router or as a standalone device and antivirus and malware scanners.
Only with all these defenses in place can you sit back and relax. Without one or more of these defenses, you are vulnerable to attack.
A router with NAT hides your internal IP addresses from the internet. It’s a small protection but adds to defense in depth. A firewall blocks unauthorized traffic from entering or exiting your network and will block most hacking attempts. Some routers come with firewalls built in. Larger organizations may need to invest in a dedicated hardware firewall for more robust protection.
Antivirus and malware scanning detects malicious files that can provide entry for a hacker or to steal your data. Downloaded through infected files, web links in phishing emails or from infected websites, these programs can open holes in some firewalls that allow hacker inside.
Only with all these solutions in place can you think of your network as secure.
If you need expert help securing your business, New Jersey Computer Help are the guys to call. With many years’ experience under our belt and the expertise to protect what’s yours, we are the natural choice to help you. Contact us today to learn more!