Blog

Wireless

On this Tech Tuesday episode,  Dave Hodgdon from PCG sits down with John Maher to talk about wireless assessments. They look at the differences between residential and commercial wireless networks, and they provide tips on how to secure your network with an emphasis on the risks of employee cell phones and remote workers.

John Maher: Welcome to Tech Tuesday, brought to you by PCG, a managed IT services company in Portsmouth, New Hampshire. I’m John Maher, and here today from PCG is Dave Hodgdon. Welcome, Dave.

Dave Hodgdon: Good morning, how are we doing today John?

John: Good, thanks.

Dave: Love Tech Tuesdays.

How to Determine a Company’s Need for Wireless

John: Absolutely. Today Dave, our topic is wireless. And we want to talk a little bit about companies and them implementing wireless in their offices. A lot of people use wireless for their mobile devices, but also now for their computers and especially laptops so that they can use their laptop and bring it around the office, and use it anywhere. How should a company determine what they need for wireless and the wireless network?

Dave: I think you need to understand what the actual business needs and why they feel they need it. A lot of PCs in the old days were hardwired, but in today’s world, especially with the COVID and the remote workforce, a lot of people are working from home on Notebooks, and when they come to work they might not be hardwired in. You need to take a good look at the environment and the business you’re in, you could be in manufacturing and you need tablets out on the floor to collect data. You could be an oil company and need wireless devices in your trucks.

But in the office, John, we’re seeing the wireless trend is just going up and up. And people want more mobility, they want flexibility to get to the conference room, they want the ability to hit the road and go home. And today, everyone wants everything now, so wireless is critical in every business.

John: Right. They don’t want to have to take the time to find a place where they can plug it in and get online and that sort of thing. They just want to be able to plop their Notebook down on a desk, open it up, and they’re on.

Dave: Yeah. Usually the hotspots are not secure, and that’s a huge thing with wireless; it has to be secure.

Difference Between Home and Business Wireless

John: Okay. So, at home, I get my wifi from my cable modem, and it comes in whether it’s Comcast or Verizon or something like that. It comes into a cable modem, and that’s usually just a wifi router by itself. I don’t really have to add anything else. So, why do I need access points at work? And what are the differences there between what we have at work and what we have at home?

Dave: Great question. Well, the model at the home with Comcast does a great job. It is a consumer-based solution. It is not really geared to cover a whole facility, you might have a four or five thousand foot manufacturing floor. We have businesses that have over 100,000.

But that device is not a secure device, and it doesn’t… They use the word ‘density’, that it only can handle X amount of people on that wireless. In a business environment, you have many people and a lot of them are using their phones, they’re using their wireless tablet or a Notebook, a lot of devices are using… Such as security cameras, or your HVAC. There’re more and more solutions now running on the wireless.

And a lot of people say, “Well, how come I can go get this at Best Buy for $100?” There is no way that’ll work in that environment. And nor does it give them the security they need. And you need to have a solution in place, John, that is going to give you a long term solution, peace of mind, you can give your users the experience they need.

Guest Versus Private Networks for Businesses

John: Right. Sometimes when I go and do a company, or maybe it’s even a restaurant or something like that and I know that they have a guest login for their wifi. What’s the difference between the regular wifi and the guest wifi? And why do we need to have separate networks for those?

Dave: Always you need to have your business traffic on the private network, and you should never have cellphones on any form of private network. Cellphones are some of the biggest culprits now, John, that we know that cyber security’s big, but those bad guys could be on that cellphone. So never allow your employees or your guests to have the cellphones on the private network.

Most of our offices that we set up, they always use the private networks, so no matter where I am in the building, I’m on that network, I’m going from… Kind of think of it as your cellphone when you’re driving down in the car, you have a connection. You’re not getting a drop, you’re staying on that same phone call, for the same time.

Same thing with the wireless, as you walk around you’re getting one access point to the next access point, to the next. They use the word ‘mesh’. You’re in one big wireless that you stay connected to on your application. So if you’re on the company’s wireless, it’s not like you need to login each time. You’ll stay connected.

And if you are not in a private network, you’re definitely leaving yourself vulnerable. And we find most of our accounts we set up the public, so anyone coming to your business; a prospect, a vendor, a client, that you’re going to give them access to the guest network only. Even with going to the doctor’s office, you see they’ll publish their wireless network. And you can fold that down, so they’re not using up your bandwidth. So you’ll put the guest network on their own network, with X amount of bandwidth, but leave the primarily, the big part of the network to your staff.

Why Cell Phones Should Not Use the Private Network

John: Okay. And you said that even when your staff or employees have their cellphones, they should be connecting those cellphones to that public or guest network, rather than using the private network?

Dave: Correct. Never, ever allow anyone to use cell phones, whether you’re an employee there or not. Never use the private network for your cellphones. It is a huge vulnerability risk.

Where to Put Access Points for Wireless Networks

John: Okay. So, say my office has 10,000 square feet. How do I know where to put those access points so that employees are able to access the network from anywhere in the office?

Dave: Every building is different. The infrastructure, whether that’s metal, it’s wallpaper, it’s copper, it’s the height of the ceiling, it’s the mortar, it’s the brick. So it’s imperative to do what’s known as a network wireless assessment. We use this special service tool called Ekahau. Think of it as a heat map.

So with this service, we’re able to do the complete survey of the building and determine what we call is the hotspot. So, a lot of people when you do the wireless assessment, you walk through, “Where do I need wireless? Do I need it in the bathrooms, the conference room, this or that corner, the janitor’s office?” So, to have complete coverage, it’s nice to show on the heat map where it all is. But from that point, you can peel it back, John, and only put the access points where they are.

The good thing with wireless, you can add more as you need them. It’s not like… if you’ve got 10,000 square foot, you might need 15 access points. You can start in a certain area and add more. The most important part, people, they don’t think about wiring. It needs to be in the right spot. And you need to run a wire there, so there’s an additional cost to get the wire in there. But if you have a plan, you can strategically think out where they need to go, and add them as they need.

Cell Phones and Network Security Risks

John: Okay. Anything else that people should be aware of in terms of cellphones and connecting to the network? You just said that you want to make sure that cellphones, all cellphones, whether it’s guests or employees, need to be connected to that public network, the guest network. Anything else in terms of adding cellphones to the network?

Dave: Well, just that you’ve set the protocol in your employee handbook that this is… So, when they hire, it’s kind of like the onboarding; when you connect, we expect you to use the public network. Any savvy user, if they want to get to the private, they know the password, they can get on. But it’s up to you as your HR, to set the tone, “This is what is expected,” we’re ultimately there to protect our data. That’s our livelihood, and we want to minimize that risk.

Another big thing now, with everyone working remotely, John, is also working at home. So, we want to make sure there’s protocols and processes in place if they’re home on the wireless, that you’re trying to lock down the home wireless as well; that you’ve got family, kids on something. If you’re on the same network with them coming into your network, that’s a risk too. So, you really want to think about that and lock that down so you can secure your remote users, working from kind of like a Comcast modem, which is really not private. So, there’s easy ways to fix that.

Residential Versus Commercial Routers

John: You said before that people sometimes say, “Well, I can buy a wireless router at Best Buy or something like that for $100. What’s the difference between that and these commercial access points that you’re installing?” Tell us a little bit more about the differences?

Dave: Well, the big thing is the quality of… It’s the antenna. So, the quality of the range; how far the signal can go, also the ability to lock down the private and the public. The big thing we see from our end is the cloud management, John. The ability to manage that device, that we can see the number of people on an access point, you can move them to another access point.

A lot of times, people have… Like, at a golf course, they’ll have a wedding or a convention, or some vendors will be there. You can’t have just one access point, as I mentioned earlier, the word ‘density’. There could be 30, 40, 50, 60 people trying to get on to an access point. The more that get on there, the internet gets slower. The experience becomes worse, you need to add more access points, so people can get to those.

But the better units are going to give you longevity, they’re going to give you support, they’ll give you the warranty. They’ll give you the management, they’ll give you the ability to add antennas to improve your signal. And I think the most important thing to any wireless network is managing it. You know who’s coming and who’s not on that network.

Detecting If Employees Are Using the Private Network With Their Cell Phones

John: One of the questions that I was going to ask about the cellphones, is how do you know if your employees are getting on their cell phone and they’re going on to the private network? You’re able to monitor that and see who’s on the network and say, “Oh, hey, that employee has their cell phone on the network. We need to talk to them and get them off of it and onto the public network.”

Dave: Yeah, that’s the great thing about cloud management. We use the Meraki, which was acquired by Cisco. The cloud management portal, it’s easy to use, it is… You know who’s on it, it’s a great way to manage if there’s too many cell phones on there, you need to knock them off. You’ve got one of the wireless devices having some issues, you can take it off there.

Having management to the wireless is probably… Everything now, John, wants wireless. When you think about it, like on my cell phone now, I can manage my heating system here, I’m using everything from my phone right now. And there’s more and more devices coming on the network, which needs more IPs, more complexity. And these low end consumer based wireless access points have no idea how to manage and control that.

You need to be smart on your setup, and wireless is… It’s not going anywhere. More and more is happening on wireless. Do it right and you won’t have any issues.

Security Concerns With Wireless Networks

John: Is security still a concern in terms of adding wireless to my office, if my employees all really want it, but I’ve been a little bit hesitant because security is a real concern for me? Is it something that I should really still be concerned about?

Dave: It should be one of the top things. Opening wireless, you are opening a door. And that’s why you need a commercial grade access point, that you can lock things down, I’m sure you heard about the big breach at Target. There was a HVAC company doing some work there. They happened to leave a port open, and then some hacker was able to get through and get through Target, and create a huge ransomware attack on them. So, you need to be paying attention to those.

IT Security With Remote Workers

John: And what about my remote workforce? With a lot more of my employees working from home, and being on their home wireless network, what are the concerns in terms of them accessing the network at the office, in terms of security and problems there?

Dave: We mentioned that should be part of your work from home policy, that most of your employees at home are going to be on some sort of inexpensive wireless. We have a lot of our clients now adding a better wireless access point at the home. Meraki does offer a solution that you add another small device that ends, John, it creates a VPN tunnel.

So, the traffic coming from the home to the work is more secure. And at the home environment, you can set up public and private. So, you just need to be mindful. And in the old days, all your staff was in the building, it was easier to control. Now, everyone’s remote, you’re not sure where they’re connecting; from a hotel, or from a hotspot, or from their vacation. You just need to have things, processes in place to make sure you have the secure connection.

Contact PCG for Help With Your Wireless Network

John: All right, well that’s really great information about wireless, Dave. Thanks again for speaking with me today.

Dave: My pleasure, John. Anytime anyone wants to have a wireless assessment, again, reach out to PCG. And we’ll help you get the right solution in place.

John: Great. And for more information, you can visit the PCG website at pcgit.com, or call 603-431-4121.