Knowing WEP from WPA-2 Could Prevent Catastrophic Loss

In a surprise move, a computer consultant I know stood up at a meeting and recommended that organizations accurately name their wireless (Wi-Fi) networks because doing so amounted to free advertising.

He said that as he was driving across Tucson countless Wi-Fi networks popped up on his smart phone and often they were casually or badly named. Put your organization’s complete name right on there, he said.

For the first time ever, I completely disagreed with him. Frankly, he was giving bad advice. Here’s why.

For starters, probably only a small percentage of the general population pauses in parking lots to hunt for a free Wi-Fi connection. Those who look are not then favorably impressed with, say, “Rick’s Plumbing Supply” when they discover Rick’s Wi-Fi has built-in security which denies them access. Therefore, there is no advertising/goodwill benefit.

The risk of being hacked, on the other hand, is real. The shocking fact is that a significant percentage of all the wireless networks in Tucson – and anywhere else – can be hacked in ten minutes or less.

If you care about your organization and/or are at all responsible for its computer network, you need to understand the dangers that come with wireless networks. The Wi-Fi security known as Wired Equivalent Privacy (WEP) has been noted, for years now, as being easy to hack. Even so, the experts report, WEP is still widely used.

To see whether WEP really is still widely used in Tucson, I completed my own limited survey. I drove to a few office complexes, parked, flipped open my laptop and examined the list of Wi-Fi networks my computer had detected. Sure enough, WEP was still in use every place I went.

The fact is that WEP is easy to hack, even for beginners. Half the people reading this column could do it. For starters, just Google “WEP security” and you’ll find at least one YouTube video as well as step-by-step directions as screen shots that show you how to hack into a WEP “protected” Wi-Fi network. The required software is free. The hardware costs under $50. The directions are easy to follow and success comes fast, possibly in under ten minutes.

Once a hacker gains access to a WEP-secured Wi-Fi network, he or she can easily follow another set of directions, also available for free on the Internet, on how to find shared network files and modify, copy and/or delete them. Are you worried yet?

You should be. In my limited tests, the WEP Wi-Fi networks I saw included, for example, two healthcare-related offices and a couple more involving accounting and investment management services.  Probably some or perhaps all of these networks have a second layer of defense. Some organizations have also encrypted their shared computer files. Even so, you should not be comforted by the fact that a competent hacker might need only 10 minutes to find out whether your network computer files are secure.

Bottom line, every network currently using WEP should be upgraded to WPA or WPA-2 security. Even a WPA-2 network could in theory be hacked by a highly motivated programmer. However, if a sufficiently long and complicated password was in place, the “brute force” effort would be fruitless.

Here’s another tip. Make sure you disable WPS (Wifi Protected Setup). WPS is also a major vulnerability you don’t want to have.

By now you can probably see why I disagreed with the computer consultant who actually advised organizations to proudly and publicly name their Wi-Fi networks. In fact, you should do the exact opposite. Give your Wi-Fi network a name that leaves a potential hacker without a clue about just which network is yours.

Another step is to use WPA-2 security. Secure shared files through password protection. If you want more technical help, NetGear offers a decent, free white paper, “5 Steps to Secure the Wireless Network,” you can get here. What step are you on?

This entry was posted in Business Bytes by Dave. Bookmark the permalink.

What do you think? Leave a reply

About Dave

Dave Tedlock is the head of NetOutcomes, a digital marketing firm. For years he has written a marketing and technology column for various publications, including the Tucson Citizen’s Tucson Business Edge, Idaho Business Review, Inside Tucson Business, and The New Mexico Business Weekly. Tedlock taught writing and business communication for eight years in many universities, including the Harvard Business School and Iowa State University. For 13 years he worked in ad agencies as a copywriter, account manager or creative director. Tedlock has published short stories, scholarly articles and a writing textbook (with Paul Jarvie). He earned a Master’s degree in Fiction Writing from Brown University. He lives in Tucson and Santa Fe.

Comments & Questions