Securing your wireless network

The latest security protocols, based on Wi-Fi protected access (WPA), can help strengthen your wireless local area network defences, but they don't necessarily stop all attacks. You should consider adding virtual private networks and firewalls as additional ways of boosting your network security.

Virtual private networks (VPNs)

VPNs create an encrypted tunnel for all your Wi-Fi traffic, protecting data even if your wireless network uses weak security, or if you're on a public Wi-Fi like coffee shops, hotels or client sites. When used with WPA3, they effectively provide double encryption, keeping data private even when Wi-Fi security fails.

VPNs are essential for:

• remote working - employees safely accessing company files and systems from home
• multi-site businesses - linking branches, warehouses and remote offices with encrypted connections
• guest Wi-Fi isolation - allowing customers to use your Wi-Fi safely without accessing internal systems or seeing employee traffic
• compliance requirements - often mandatory for cyber insurance policies, and necessary for Cyber Essentials, ISO 27001 and data protection compliance

While VPN encryption adds strong protection, it isn't perfect and there are some limitations. For example, you may experience:

• set up challenges - design and deployment often need expertise and most small businesses will need IT consultants
• roaming issues - moving around big buildings/sites can cause connection to drop briefly, as the devices switch between Wi-Fi access points
• performance and speed issues - double encryption reduces throughput and slows down large file transfers
• battery drain - mobile devices and laptops lose more battery with VPN always on

See more on possible problems and security issues in wireless networking.

Firewalls

A firewall is a device or piece of software that controls what data is allowed to pass through it. Effectively, it acts as a digital guard, checking the network and blocking unauthorised traffic.

You can use a firewall in a network for:

• guest Wi-Fi isolation - to separate an insecure part of the network from the secure area where your most critical data is managed
• wireless/wired separation - to split traffic to stop compromised Wi-Fi devices spreading malware to your trusted desktop network
• traffic filtering - to block staff accidentally visiting phishing sites or downloading malware through Wi-Fi

Most broadband routers include basic firewalls, but they rarely protect your WLAN properly. You may need an additional device depending on your network design.

Unless you have good IT security skills available internally, you should seek advice from an experienced consultant to help you design your network and configure your firewall.

It's important to understand that no single solution will give you guaranteed protection against existing network vulnerabilities. In most cases, the best way to secure your wireless network is to:

• set up and maintain the network and the connected devices correctly
• implement appropriate safety measures
• train your staff on acceptable use and networking best practices

Find 10 tips for better wireless network security and read about server security.