What it is
Your business network is all the connected devices, applications and accounts used within your business.
Why it matters
You need to think about your business’s network security as soon as you have:
- employees who need access to business applications and accounts
- multiple devices linked to your network – like laptops, phones, and printers
- customers or guests who want to use the internet (WiFi) while they're at your office.
The more devices and users you have on your network, the more opportunity there is for attackers to find a way into it.
Failing to secure your network puts you at risk of both attackers and accidental harm. For example:
- if you don't secure your router, an attacker could use default credentials to gain access to your network and shut down your systems
- if you keep your network devices somewhere there’s open access to them, someone could:
  - plug an ethernet cable into one of the ports to access parts of the network kept private and secure from others
  - press the reset button (whether by accident or on purpose) and reset your connected devices back to their factory settings
- if a customer’s phone had malware on it and they connected to the internet through your business network, the malware could get into the network — and your devices — without you knowing.
Configuring a guest network can stop that happening, and keep your business network private.
How to protect your business
If you need help with any of these steps, talk to your IT service provider — they can give you a hand to get your network sorted.
Secure your router
Your router is what connects your business network to the internet, and you may also use it as a wireless access point to give your office WiFi. You’ll need to make sure:
- you’ve changed the default login credentials for your router
- you’ve changed the name of your wireless network
- you’ve set a password for your wireless network
- you’re using WPA2 or a later version for wireless security
- you’re keeping your router up-to-date
- you’ve enabled any built-in firewalls, and restricted any management interfaces and ports so they’re not exposed to the internet.
Our guide to securing your home network has more information on what to do.
Move your router to a secure location
It’s important to keep your router in a place where no one can tamper with it. It should be somewhere secure where only you, or a trusted employee, can access it, like a locked cupboard.
Set up a guest network for your customers
Setting up a guest network is a bit like setting up a different account on your wireless router. It will let your customers access the internet through a network on your router that's separate to the one you and your staff use. It has a different network name, and a password you can share with customers who want to use WiFi.
A guest network should be configured in a way that will:
- only provide access to the internet. It should not be able to connect to other devices on your business network
- stop it talking to other devices on other networks. Some routers will let you set this up in the management or administration portal. Others will need you to configure a separate local area network (LAN) yourself.
Disable WiFi Protected Setup and unused features
If the devices on your network have features that you don't use, disable them. This includes a feature on your router called WiFi Protected Setup (WPS). WPS aims to make connecting wireless devices to your network faster and easier. It lets you connect devices, like printers, to your network without entering the network password. Instead, WPS uses:
- a PIN
- near field communication (NFC), if the device is close enough
- a push-button on the router, or
- a USB.
Unfortunately, there are vulnerabilities with this feature that an attacker can use to gain access to your network. For example, an attacker could go through a list of all possible PIN combinations to find the right one to log in with (known as a brute-force attack). If they got access to your network, they could use it to get access to your other devices and the information you hold on the network too.
Your router's manual should explain how to tell if WPS is enabled or not — it's often enabled by default. You can usually disable it in your router’s administration portal.
Restrict employee access to networks and devices
When you have a range of roles within your business, you may want to think about restricting access to parts of your network or server. Some roles need a higher level of access than others. For example, if you use a back-office computer for doing payroll and accounting, you may want to:
- make sure that computer is on a separate network from the others in the business
- limit access to that computer and network, so that only the employees who need access have it.
This is the 'principle of least privilege'. It means only having the access you need to do your job. You can set different permissions for each role based on the level of access they need. You can segment the network or server so that staff can only access the parts of it that their role has permissions for.
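The check below is an added example, not part of the original guidance. It tests a set of router forwarding rules against the guest network advice (internet only, no access to business devices) and the payroll segmentation advice above. The addresses, device names, roles and rule format are assumptions made up for illustration; real routers express these rules in their own administration portal.

```python
import ipaddress
# Constructed inventory: name -> (address, role). All values are assumptions.
DEVICES = {
    "payroll-pc":   ("192.168.20.10", "payroll"),
    "accounts-lap": ("192.168.10.5",  "accounts"),
    "front-desk":   ("192.168.10.20", "staff"),
    "printer":      ("192.168.10.50", "staff"),
    "guest-phone":  ("192.168.99.23", "guest"),
}
INTERNET_PROBE = "203.0.113.10"          # documentation address standing in for the internet
PAYROLL_ROLES = {"payroll", "accounts"}  # roles that need the payroll computer

def allowed(rules, src, dst):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action == "allow"
    return False

def audit(rules):
    """Return sorted findings; an empty list means the rules match the guidance."""
    findings = []
    payroll_ip = DEVICES["payroll-pc"][0]
    for name, (ip, role) in DEVICES.items():
        if role == "guest":
            if not allowed(rules, ip, INTERNET_PROBE):
                findings.append(f"{name}: guest has no internet access")
            for other, (other_ip, _) in DEVICES.items():
                if other != name and allowed(rules, ip, other_ip):
                    findings.append(f"{name}: guest can reach {other}")
        elif role not in PAYROLL_ROLES and allowed(rules, ip, payroll_ip):
            findings.append(f"{name}: role '{role}' can reach payroll-pc")
    return sorted(findings)

# Weak policy: one flat rule that forwards everything everywhere.
FLAT = [("allow", "0.0.0.0/0", "0.0.0.0/0")]
# Segmented policy: guest is internet-only, payroll is reachable by one workstation.
SEGMENTED = [
    ("deny",  "192.168.99.0/24", "192.168.0.0/16"),   # guest -> any internal network
    ("allow", "192.168.99.0/24", "0.0.0.0/0"),        # guest -> internet
    ("allow", "192.168.10.5/32", "192.168.20.0/24"),  # accounts laptop -> payroll
    ("deny",  "0.0.0.0/0",       "192.168.20.0/24"),  # everyone else -> payroll
    ("allow", "192.168.10.0/24", "0.0.0.0/0"),        # staff -> everything else
]

if __name__ == "__main__":
    for label, rules in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(label, audit(rules) or "no findings")
```

The flat rule set produces a finding for every staff and guest device that can reach something it should not; the segmented one produces none. Rule order matters because the first match decides.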