Securing your wireless network

A secure wireless network protects your data and operations. Here are some ideas to help you improve your wireless local area network (WLAN) security and get the most out of wireless networking:

Assume hackers target everyone

Hackers scan for unsecured Wi-Fi 24 hours a day. Even small businesses face attacks. If compromised, your network could let attackers reach your customers or suppliers, and one breach is enough to damage your business reputation permanently. To get a better understanding of online threats, see cyber security for business.

Upgrade to WPA3 encryption

If your devices rely on basic WLAN security features such as Wired Equivalent Privacy (WEP), or out of date Wi-Fi Protected Access (WPA) protocols, upgrade them to WPA2 to WPA3 where possible. Modern devices with the latest security protocols offer better protection, especially when used with strong passwords of 20 characters or more.

Choose compatible equipment

Make sure that your new WLAN equipment matches the required wireless networking standards. If possible, order equipment from the same manufacturer to ensure that it's compliant and compatible. If buying from different manufacturers, look for the Wi-Fi Alliance certification mark to ensure devices work together securely.

Change all default passwords

Always enable security features when installing new equipment. Make sure the devices have unique complex passwords, not using common factory default passwords. Many devices now come with unique passwords pre-configured, but you need to ensure this information is not left with the device if it is in a public area where anyone can see it. Read more on Wi-Fi protected access (WPA).

Position access points carefully

Place access points (which transfer data between your devices) away from external walls and windows. This reduces signal leakage outside your building and limits the chances of interception. Use a Wi-Fi analyser app to check coverage.

Authorise all Wi-Fi devices

Only allow approved routers and access points on your network. Check for unauthorised devices weekly. Block staff adding personal routers as one insecure access point could put your entire network at risk. Read more about access points and other wireless network components.

Use a virtual private network (VPN) for remote access or on public Wi-Fi

Require staff to use VPN to access company systems from home, coffee shops, hotels or client sites. A VPN adds a second layer of encryption to WPA3, and protects your data, multi-site office connections and cloud services.

If you can, use firewalls to isolate the WLAN from the rest of your network. See how to improve network security with VPN and firewalls.

Check your network logs regularly

Monitor your network and review router logs periodically for unknown devices or unusual activity, to make sure that your network has not been broken into. If you are not sure how to do this, call in an outside expert. You may also want to set up alerts for failed login attempts. Act quickly if you notice anything suspicious.

Update equipment regularly

Keep software and router or wireless access point firmware up-to-date as this makes it much more difficult for hackers to exploit weaknesses. Enable automatic updates where possible and restart your router every three months to clear up cached data, fragmented connections and memory leaks.

Get an independent security check

Finally, unless you have good technical skills in your business, consider bringing in external experts to check your security measures and test your network each year. They may uncover weaknesses you might have missed. Ask them for a written report from your security audit - this will identify your risk rating, issues found, and give you instructions on how to resolve them. This documentation can be helpful as insurance proof in case of a claim, or as compliance evidence if you're applying for Cyber Essentials certification.

Follow other best practice tips to protect your business online.