Employee Left: How to Secure Wi-Fi from a Previous Employee

Did you know that if someone has the Wi-Fi password, they have complete access to your network? In general, I see that these passwords seldom change. Employees come and go, but the Wi-Fi password at most businesses stays the same for many years. Generally speaking, 99% of networks are set up as follows:

LAN – The physical network of firewall and switches.

Internal Wi-Fi – A network that extends the physical network so that anyone connected to Wi-Fi can access network resources (printers, file servers, devices, cameras, etc.). This is, for all intents and purposes, the same thing as being plugged into the network physically.

Wi-Fi Guest – This guest network is generally isolated from the rest, and prevents those connected to it from gaining access to internal office resources.

 

So, how do you secure a Wi-Fi network from someone who is already connected to it?

That’s precisely what we’re trying to figure out. Sure, you could give each user their own password, but what would prevent them from sharing passwords with others? With numerous passwords and no way to truly secure it with Multifactor Authentication, this might become complex and messy.

The other option is to have a very long and complicated password that changes every month or so. This would make it difficult for someone to guess the password, but again does not prevent someone from sharing their own password with other employees.

 

The solution!

A much better solution is to use a VPN (Virtual Private Network). A VPN will encrypt all traffic going from the user’s device to the Internet. This means that even if someone is able to sniff the traffic, they will not be able to decipher what it is that is being sent.

Sounds complicated? It’s Not!

Your organization is most likely already using a dedicated firewall in conjunction with the modem from your Internet Service Provider (ISP). If you are still using the all-in-one modem/router combination from Comcast (or any other ISP), I strongly suggest getting a dedicated firewall appliance. They are not very expensive and would greatly increase the security of your network. Your local Managed IT Services provider would be able to help get this set up for you.

Now, most likely your firewall already supports VPNs. There are many different types of VPNs out there, but we recommend using an SSL VPN. These types of VPNs use SSL (Secure Sockets Layer) to encrypt the traffic. This is the same type of encryption that is used when you are doing online banking or shopping.

 

Why are we talking about a VPN?

As I said earlier, Wi-Fi is not secure when you give out the password to every employee. Having this password gives you access to the entire network. A VPN grants an individual access to network resources only after they establish a secure tunnel using their network credentials and two-factor authentication (2FA). In essence, this turns the current Wi-Fi into a guest network from which the internal network is not accessible, regardless of whether you have the Wi-Fi password or not. In other words, unless you are physically plugged into the network (hard-wired), you will NEED a VPN connection to access anything on your network. This is very useful when an employee leaves the company and you need to quickly revoke their access to your network. With a VPN in place, you simply delete their user account from the firewall and they no longer have any way of accessing your network.
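
One way to check that a firewall really enforces this design, as an added example that is not from the original article: a vendor-neutral Python model in which the zone names, the first-match rule layout and the account records are all assumptions. It audits that Wi-Fi cannot reach the LAN without the VPN, and that no VPN account outlives its employee or lacks 2FA.

```python
# Added example: vendor-neutral model; zone names, rule layout and accounts are assumptions.
def decide(rules, src, dst):
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule["src"] in (src, "any") and rule["dst"] in (dst, "any"):
            return rule["action"]
    return "deny"

# What the design in the article requires of the firewall policy.
REQUIRED = [
    ("wifi", "lan", "deny"),           # knowing the Wi-Fi password is not enough
    ("wifi", "vpn_gateway", "allow"),  # Wi-Fi clients must be able to start a tunnel
    ("vpn", "lan", "allow"),           # authenticated tunnel users reach resources
    ("wired", "lan", "allow"),         # hard-wired devices are unaffected
]

def audit_policy(rules):
    """Return one finding per requirement the rule set does not meet."""
    findings = []
    for src, dst, want in REQUIRED:
        got = decide(rules, src, dst)
        if got != want:
            findings.append(f"{src}->{dst}: expected {want}, policy gives {got}")
    return findings

def audit_accounts(vpn_accounts, active_employees):
    """Flag VPN accounts of people who left, and accounts without 2FA."""
    findings = []
    for user, info in sorted(vpn_accounts.items()):
        if user not in active_employees:
            findings.append(f"{user}: not an active employee, delete VPN account")
        elif not info["mfa"]:
            findings.append(f"{user}: 2FA not enrolled")
    return findings

# Constructed sample data.
GOOD_RULES = [
    {"src": "wifi", "dst": "vpn_gateway", "action": "allow"},
    {"src": "wifi", "dst": "lan", "action": "deny"},
    {"src": "vpn", "dst": "lan", "action": "allow"},
    {"src": "wired", "dst": "lan", "action": "allow"},
]
# A leftover broad rule placed first silently re-opens the LAN to Wi-Fi.
SHADOWED_RULES = [{"src": "any", "dst": "lan", "action": "allow"}] + GOOD_RULES
VPN_ACCOUNTS = {"alice": {"mfa": True}, "bob": {"mfa": False}, "carol": {"mfa": True}}
ACTIVE_EMPLOYEES = {"alice", "bob"}

if __name__ == "__main__":
    print(audit_policy(GOOD_RULES), audit_policy(SHADOWED_RULES),
          audit_accounts(VPN_ACCOUNTS, ACTIVE_EMPLOYEES), sep="\n")
```

Running the same audit after every firewall change and every offboarding catches both a rule that quietly exposes the LAN to Wi-Fi and a departed employee whose VPN account was never deleted.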

 

What are some other benefits of using a VPN?

Aside from the security that it provides, a VPN can also be used to give remote employees access to the office network. This is extremely useful for companies whose employees work from home or are often out of the office on business trips. It ensures that no matter where an employee is located, they access the network in exactly the same way. Uniformity and standardization are things that I always try to push in order to create an infrastructure that is easy to manage and maintain.

 

If your business needs to secure its Wi-Fi in a similar fashion, please contact AlphaCIS to see how we can help. We are a Managed IT Services provider in the Metro Atlanta area and specialize in cybersecurity. Or you can give us a call at 678 619-1218.

Dmitriy Teplinskiy
I have worked in the IT industry for 15+ years. During this time I have consulted clients in accounting and finance, manufacturing, automotive and boating, retail and everything in between. My background is in Networking and Cybersecurity.