Is your business considering going
wireless? Increasingly, small and medium-size businesses are embracing
notebook PCs and wireless area networks that support the 802.11b
(or Wi-Fi) standard, enabling their employees to stay productive
whether they’re in the office, at home, or on the road. For
many of these companies, the long-held promise of mobile computing
– namely, a workforce liberated from cords and wires –
is coming true. But before you buy into wireless, you need to understand
the security risks associated with this new technology.
Cite the benefits
Companies that have implemented wireless technology – either
as an extension of their wired infrastructure or as a wholesale
replacement – often cite the productivity advantages that
accrue from having employees work with notebook PCs. In particular,
wireless advocates point to a recent report by Gartner Inc., which
found that employees with notebook PCs see anywhere from .5 to 3
hours of increased productivity per week compared to their desktop
counterparts. When wireless connectivity was added to those notebooks,
the figure increased to as much as 11 hours of additional productivity
each week.
In another report, specifically addressing small and medium-size
businesses, Gartner recommended that a wireless network be installed
in place of a wired LAN in small offices and temporary locations
that don’t have a network but need one. The reason? Wireless
networks are less expensive to install than wired alternatives.
Some reports have estimated that eliminating cabling saves businesses
from $150 to $350 per user.
Meanwhile, according to statistics compiled by the Wireless LAN
Association, 97 percent of customers said that wireless LANs met
or exceeded their expectations to provide their company with a competitive
advantage, while quantified productivity benefits were found to
be 48 percent of the total ROI (return on investment).
Those are heady numbers. Consider, too, that the prices for wireless
hardware continue to fall, and it’s no wonder that mobile
technology is becoming a viable option for more and more companies.
Avoid the ‘backdoor’ approach
But businesses exploring wireless solutions need to do their homework.
According to Laura Garcia-Manrique, Group Product Manager - Wireless
at Symantec, security is one of the top three concerns of IT managers
regarding wireless networking and mobile computing -- and frequently
it's number one.
Garcia-Manrique notes that much wireless equipment is introduced
to organizations by individual employees and workgroups, rather
than through the IT department or other proper channels. The result
of this “backdoor” introduction is that wireless isn’t
put through the normal process of understanding a particular technology’s
capabilities and limitations before implementation. As a result,
she says, there has been a lack of emphasis on securing this new
technology. The most common security concerns about wireless include:
- The possible interception of a wireless transmission as
it travels through the air
- The potential loss of a mobile computing device, with the
data on the device being compromised
- The matter of trusted relationships when mobile computing
devices are considered for use in commerce (i.e., entering orders
or making purchases).
Keep it secure
To address those concerns, companies need to outline very specific
procedures for the use of wireless devices, including what the devices
can and cannot be used for, what can and cannot be stored on them,
and what encryption technology should be on the devices to protect
data from being compromised if it is stolen.
Defining policies and standards for wireless is paramount. For
example, whenever a wireless LAN is enabled, VPN (virtual private
network) technology should be implemented. And notebooks with Wi-Fi
capabilities need to have antivirus and firewall protection installed.
But security doesn’t end there. A wireless network can broadcast
far outside your building, allowing anyone sitting (or even driving)
by your installation to eavesdrop on your data. All it takes is
a powerful antenna and some widely available hacking software. For
that reason, security experts say companies planning to go wireless
should follow these additional precautions to keep their information
locked up tight:
- Enable WPA encryption. WEP (Wired Equivalent Privacy) encrypts
wireless data streams between clients and servers, helping prevent
unauthorized users from reading traffic while it's in transit.
The bad news: WEP doesn't offer end-to-end security and can be
broken easily. The good news: a new – and much stronger
-- security enhancement called WPA (Wi-Fi Protected Access) is
now available. The Wi-Fi Alliance began certifying products for
WPA interoperability in April. In addition, all new products submitted
for certification after August must have WPA capability. (Note:
If you already own wireless networking hardware, upgrading may
not be possible. Check the Web sites of your hardware makers for
WPA upgrades.)
- Control the broadcast area and lock each access point. Many
wireless access points let you adjust the signal strength. Place
your access points as far away as possible from exterior walls
and windows. Test the signal strength so you can barely get a
connection at these locations. Next, make sure to change the default
password on your access point. Use a strong password to protect
each access point.
- Use SSID (Service Set Identifier) intelligently. Buy access
points that let you disable SSID broadcasting. This prevents access
points from broadcasting the network name and associating with
clients that aren't configured with your SSID.
- Use MAC (Media Access Control) address authentication. If you
have a manageable number of users (fewer than 50) and just a few
access points, MAC addressing lets you restrict connections to
your access points by specifying the unique hardware address of
each authorized device in an access control list -- and allowing
only those specific devices to connect to your wireless network.
- Secure the wireless LAN with IPsec VPN technology or clientless
VPN technology. This is the most secure way to provide user authentication,
data integrity, and data confidentiality services on a wireless
LAN. Additionally, VPN technology is not dependent upon the
point or the wireless LAN card; therefore, additional hardware
costs are not incurred as wireless security standards continue
to evolve.
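The precautions above can be checked mechanically against an inventory of access points. The following is an added example, not part of the original article: the inventory fields, device names and MAC addresses are constructed for illustration, and the MAC check normalizes the different notations in which hardware addresses are commonly written before comparing them with the access control list.

```python
import re

# Constructed inventory; field names are assumptions, not a vendor export format.
ACCESS_POINTS = [
    {"name": "ap-lobby", "encryption": "WEP", "ssid_broadcast": True,
     "default_password": True, "mac_filter": False, "vpn_required": False},
    {"name": "ap-office", "encryption": "WPA", "ssid_broadcast": False,
     "default_password": False, "mac_filter": True, "vpn_required": True},
]
ALLOWED_MACS = ["00-0C-41-AA-BB-01", "000c.41aa.bb02"]  # constructed ACL entries
SEEN_CLIENTS = ["00:0c:41:aa:bb:01", "00:0C:41:AA:BB:02", "00:02:2d:11:22:33"]

def normalize_mac(mac):
    """Strip ':', '-' and '.' separators and return 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def audit_access_point(ap):
    """Return the precautions from the list above that this access point fails."""
    findings = []
    # Anything that is not a WPA variant (open, WEP) is flagged.
    if not ap["encryption"].upper().startswith("WPA"):
        findings.append("enable WPA encryption")
    if ap["ssid_broadcast"]:
        findings.append("disable SSID broadcasting")
    if ap["default_password"]:
        findings.append("change the default password")
    if not ap["mac_filter"]:
        findings.append("enable MAC address authentication")
    if not ap["vpn_required"]:
        findings.append("require VPN on the wireless LAN")
    return findings

def unauthorized_clients(seen, allowed):
    """Return observed client MACs that are absent from the access control list."""
    allow = {normalize_mac(m) for m in allowed}
    return [m for m in seen if normalize_mac(m) not in allow]

def report():
    return {ap["name"]: audit_access_point(ap) for ap in ACCESS_POINTS}

if __name__ == "__main__":
    for name, findings in report().items():
        print(name, "OK" if not findings else "; ".join(findings))
    print("not in ACL:", unauthorized_clients(SEEN_CLIENTS, ALLOWED_MACS))
```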
Conclusion
The good news for small businesses is that wireless technology is
catching up with the promises that have been made for it. The technology
is maturing, and manufacturers recognize that companies are demanding
a higher standard of security before they adopt new technology.
Still, don’t put the cart before the horse. If you’re
thinking of embracing wireless, first determine that mobile technology
use in your organization is governed by good standards and policies,
then be sure you understand the benefits and ROI of wireless before
making any significant investments. That’s how to make the
best case for wireless.