Wireless networks are exposed to many of the same types of threats and vulnerabilities as wired networks, including viruses, malware, unauthorized access and data loss. However, they are considered inherently less secure than wired networks because data are transmitted into the air and can potentially be intercepted and misused by individuals with malicious intent. Also, because wireless networks are often used as extensions of wired networks, even minor IT security weaknesses on wireless networks can expose internal network resources to additional threats. Therefore, a wireless environment requires certain additional security precautions to prevent unauthorized access and eavesdropping.

Although wireless environments and their related security systems can be quite complex, local government and school personnel can implement effective controls with relative ease and without incurring additional costs. Some best practices relating to wireless technology include:

• Adopting written policies and procedures;
• Determining the optimal number, physical location and broadcasting power of wireless access points;
• Maintaining an inventory of and monitoring wireless access points;
• Changing the service set identifier (the SSID or name of the wireless network) using a naming convention that excludes identifiable information about the local government or school, location, technology, manufacturer and type of data traversing the network;
• Requiring an access password for users and enabling the most secure encryption available (currently WPA2 or WPA3);
• Changing the administrative password (used by the administrator to set up the wireless access point) from its well-known default value;
• Updating and patching all wireless hardware and software timely; and
• Considering other security controls that may be necessary given the local government’s or school’s unique computing environment and security needs.

A further discussion of wireless technology and security can be found in the Office of the State Comptroller’s publication entitled Local Government Management Guide: Wireless Technology and Security.¹⁸

¹⁸  https://www.osc.ny.gov/localgov/pubs/lgmg/wirelesstechnologysecurity.pdf

The Information Technology Governance LGMG can be downloaded at https://www.osc.ny.gov/files/local-government/publications/pdf/information-technology-governance.pdf