We put the IT in city®

CitySmart Blog

Thursday, October 13, 2016
John Miller, Senior Consultant
John Miller

In our last post, we talked about network security policy but left wireless security for this post. It’s not uncommon to see a city overlook the importance of wireless security. Partly, that’s because it’s easy to treat wireless devices like how you would set them up at home—buy a wireless router, unbox it, plug it in, power it on, connect your devices, and go.

Not surprisingly, technology audits often show that cities have open wireless access points that make it easy for hackers to access a city’s network. If wireless devices are not configured, secured, and properly monitored and maintained by IT professionals, then they can pose major security risks for cities.

When considering a wireless security policy, you need to account for the following elements.

1. Secure and lock down all wireless devices.

You’re not a home or a small coffee shop. You’re a city. People shouldn’t be able to hop onto your wireless network without a password and start getting on the internet. In fact, no unauthorized user should have access to your city’s wireless network. At the very least, you need to:

  • Set strong, complex passwords for all wireless access users (including administrators).
  • Ensure that all wireless users are known and authorized.

2. Remove physical wireless access hardware from the public or unauthorized employees.

A citizen visiting city hall or an unauthorized employee wandering through a hallway should not have access to a city’s wireless device. Yet, many cities often have wireless access points sitting in the open. These devices are easy to steal, damage, or reconfigure. To remain safe, any physical wireless hardware needs to be secured (such as in a locked room or a cabinet accessed only by a key or key fob) similar to how you would secure servers or your network infrastructure devices.

3. Apply patches and upgrades to wireless devices.

Wireless hardware runs on software that needs to get regularly updated with patches and upgrades. Bugs, security holes, and performance issues get fixed by these patches and upgrades. If your city hasn’t applied these updates in a while, then that is a priority in order to get these wireless devices as secure as possible. Ongoing wireless patching and upgrading should then become a regular part of your technology maintenance.

4. Use appropriate wireless hardware and configure it properly.

Assess and create an inventory of your existing wireless devices. What kind of equipment are you using? If it’s consumer-grade, then you’re at a big disadvantage. Business-class wireless hardware is more secure, provides better coverage throughout your buildings, and better grows along with your city if you need to add more users. Your wireless security policy should set a minimum requirement for your city to use business-class hardware with configuration performed by IT professionals.

5. Monitor and maintain your wireless network for security breaches.

As part of monitoring and maintaining your network infrastructure, you need to also monitor and maintain your wireless network. Activities include:

  • Watching for hacking and unauthorized access attempts.
  • Monitoring wireless data usage and network traffic to proactively identify internet access issues.
  • Applying security patches and software upgrades.
  • Ensuring compliance with legal and technical security standards.
  • Enforcing security policies and applying best practices.

With a strong wireless security policy that applies the best practices above, you’ll shore up this often weak security hole at your city. Wireless access is a convenient, efficient way for employees to access the internet. Make sure that this access remains safe and secure.

Questions about your wireless security? Reach out to us with any questions.