You're reading The SME Security Brief, practical IT, cyber security and technology advice for Irish and UK businesses. No jargon. No scare tactics. Just what you need to know, every week.
THIS WEEK'S THREAT 🔴
The two network risks most SMEs have never thought about
Picture two scenarios.
Scenario one. A visitor comes to your office, a contractor, a client, a delivery person. You give them the Wi-Fi password because it is easier than explaining why you cannot. They connect. What they do not tell you is that their laptop is infected with malware. Once they are on your network, that malware can see every other device connected to the same Wi-Fi. Your accounts laptop. Your server. Your shared drives. All of it potentially visible from a device you invited in yourself.
Scenario two. One of your team is working from a coffee shop. They connect to the free Wi-Fi and log into Microsoft 365 to check emails and access a shared document. What they do not realise is that the person at the next table is running a simple network interception tool, freely available online, that captures the data passing through that connection. Your login credentials. Your business documents. Gone.
Neither of these scenarios requires a sophisticated attacker. They do not require specialist knowledge or expensive equipment. They happen every day to businesses that simply never thought about their network security.
The good news is that both are entirely preventable with a handful of changes that cost nothing or very little to put in place.
What you should do this week:
Log into your office router and check when the admin password and Wi-Fi password were last changed. If the answer is "never" or "I don't know," change them both today.
Check whether your router supports a guest network — most modern routers do. If it does, set one up for visitors and keep your main network for business devices only.
Have a conversation with any staff who work remotely about what networks they connect to and whether they are using any form of protected connection.
THIS WEEK'S TIP 💡
Four network security basics every SME should have in place
These are not advanced measures. They are the equivalent of locking your front door — basic, effective, and something most businesses still have not done properly.
1. Change your router defaults
Every router ships with a default admin username and password. Lists of these defaults are freely available online, which means anyone who can reach your router login page can get in if you have never changed them. Log into your router admin panel, change the admin password to something strong and unique, and while you are there, change your Wi-Fi network name so it does not broadcast the make and model of your router.
2. Set up a guest network
A guest network is a separate Wi-Fi connection that sits alongside your main network. Visitors, contractors, and personal devices connect to the guest network. Business devices connect to the main network. The two cannot see each other. This one change eliminates the scenario described above where a visitor's infected device has access to your business systems. Most routers built in the last five years support this — check your router settings or ask your IT provider to set it up.
3. Use WPA3 or WPA2 encryption
Your Wi-Fi network should be using WPA2 or WPA3 encryption, not the older WEP standard, which can be cracked in minutes. Log into your router settings and check the security protocol under your wireless settings. If it shows WEP, change it to WPA2 immediately. WPA3 is better if your router supports it.
4. Protect remote workers with a VPN
A VPN (Virtual Private Network) encrypts the connection between a device and the internet, meaning that even on an unsecured public Wi-Fi network, the data being transmitted cannot be easily intercepted. For staff who regularly work from home, coffee shops, or client sites, a VPN is one of the most effective protections available. Windows 11 includes a built-in VPN client; your IT provider can set this up to connect to a business VPN service without requiring any additional software on staff devices.
THIS WEEK'S TOOL 🛠️
Windows built-in network tools: what you already have and how to use them
Most SMEs running Windows devices already have access to several useful network security tools without paying for anything extra.
Windows Defender Firewall
Built into every Windows device, Windows Defender Firewall monitors and controls incoming and outgoing network traffic. It should be switched on and set to block connections that are not on an approved list. To check: search for "Windows Defender Firewall" in the Start menu and confirm it shows as active for both private and public networks. If it is off on any device, switch it on immediately.
Windows VPN client
Windows 11 and Windows 10 both include a built-in VPN client that works with most business VPN services. To find it, go to Settings, then Network and Internet, then VPN. Your IT provider can configure this to connect your staff securely when working remotely, without needing to install third-party software.
Network profile settings
When a Windows device connects to a new Wi-Fi network, it asks whether the network is public or private. This matters — on a public network setting, Windows applies stricter firewall rules and hides the device from others on the network. Make sure staff know to always select "Public" when connecting anywhere outside the office. To check current settings: go to Settings, then Network and Internet, then Wi-Fi, and click on the connected network.
None of these require additional software or budget. They are already on every Windows device in your business. They just need to be switched on and correctly configured.
QUICK COMPLIANCE CHECKLIST
Five questions for your network security review:
Have the default admin password and Wi-Fi password on your office router been changed from the factory defaults?
Do you have a separate guest network for visitors and non-business devices?
Is your Wi-Fi network using WPA2 or WPA3 encryption?
Is Windows Defender Firewall switched on and active on all business devices?
Do remote workers know to select "Public network" when connecting to Wi-Fi outside the office?
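The last three questions can be answered from a Windows device itself. The PowerShell below is an added example, not part of the original newsletter: it only reads settings and changes nothing, and the Wi-Fi check assumes English-language netsh output, because the labels netsh prints are localised.

```powershell
# Added example: read-only audit of one Windows 10/11 device.
# Run in PowerShell on the device being checked; no settings are changed.
$findings = @()

# Question 4: is Windows Defender Firewall on for every profile?
foreach ($fw in Get-NetFirewallProfile) {
    $on = [string]$fw.Enabled -eq 'True'
    $findings += [pscustomobject]@{
        Check  = "Firewall ($($fw.Name) profile)"
        Value  = if ($on) { 'On' } else { 'Off' }
        Result = if ($on) { 'OK' } else { 'ACTION: switch the firewall on' }
    }
}

# Question 5: how is each connected network classified?
# Anywhere outside the office this should read Public.
foreach ($net in Get-NetConnectionProfile) {
    $category = [string]$net.NetworkCategory
    $findings += [pscustomobject]@{
        Check  = "Network profile: $($net.Name) ($($net.InterfaceAlias))"
        Value  = $category
        Result = if ($category -eq 'Private') {
            'REVIEW: Private is only for the office network'
        } else { 'OK' }
    }
}

# Question 3: which security protocol is the current Wi-Fi connection using?
# Assumption: English-language Windows. No match means no Wi-Fi connection.
$match = netsh wlan show interfaces |
    Select-String '^\s*Authentication\s*:\s*(\S+)' |
    Select-Object -First 1
if ($match) {
    $auth = $match.Matches[0].Groups[1].Value
    $findings += [pscustomobject]@{
        Check  = 'Wi-Fi security protocol'
        Value  = $auth
        Result = if ($auth -match '^WPA[23]') { 'OK' } else {
            'ACTION: change the router to WPA2 or WPA3'
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

The first two questions still have to be checked on the router's own admin page, which this script cannot see.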
BEFORE YOU GO
Network security is one of those areas where the basics make the biggest difference. You do not need enterprise-grade hardware or a managed security service to be meaningfully more secure than you are today. You need a guest network, strong passwords on your router, and staff who know what to do when they are working away from the office.
Most of what we covered today takes less than an hour to put in place. Some of it takes five minutes.
If there is one thing to do today, log into your router, change the admin password, and set up a guest network. Everything else can follow.
See you next week.
The SME Security Brief
