The firewall and WiFi router used to support a business data network are two elements of cyber security that are often taken for granted. In many do-it-yourself network installations, firewalls and routers are left with their default factory configurations, which invariably feature credentials for administrative access. These default settings are irresistible to hackers because they make it easy for them to ply their wicked trade.
The username and password combinations set by hardware firewall vendors when they ship their products are readily available online; they can be found on technical support websites and user manuals. Even if manufacturers do not make these default credentials available to the public, hackers are known to obtain them and post them on underground discussion forums.
A firewall cannot be described as being secure unless default administrative access has been changed. The username, which for many devices is “admin,” does not need to be changed if a new and strong password is selected. We are talking about passwords that are at least 12 characters long, and which feature a combination of upper and lowercase letters, numbers, and symbols. These passwords can be stored in a secure vault for greater protection.
As for wireless routers, the network identification does not need to reflect the name of the business in all cases. Let’s say a law firm named “Garcia and Johnson LLP” exclusively uses its WiFi network for internal business; in this case, the network ID can be something along the lines of “xb0543,” and this name can be distributed within to staff members and other authorized users. This security measure makes it more difficult for hackers who are into “wardriving” and port scanning, which are two techniques typically used to identify potential targets.
Going beyond the changing of default settings on firewall and WiFi router devices, business owners should think about implementing password administration policies conducive to information security. There is no good reason for former employees to have access to firewalls or WiFi routers; in fact, this is a security risk, so it makes sense for business owners to change passwords whenever individuals are dropped from the payroll.
