Securing your wireless network
Wi-Fi protected access (WPA)
Wi-Fi protected access (WPA) is the modern standard that encrypts your business wireless network. It replaced Wired Equivalent Privacy (WEP), which proved particularly vulnerable to hacking.
The Wi-Fi Alliance created WPA protocols to scramble wireless data using stronger encryption. Three generations of protocols evolved to meet growing threats:
- WPA (2003): First fix for WEP - now obsolete.
- WPA2 (2004): This was the industry standard for 20 years. It is now proven vulnerable to KRACK attacks that steal data mid-session.
- WPA3 (2018): This is the current best practice standard. It offers better protection against password guessing and session attacks, and adds forward secrecy, which means past sessions stay safe even if the system gets compromised.
How does Wi-Fi protected access (WPA) work
With all WPA versions, your router and devices start with one shared password. They use it to mathematically generate different encryption keys for every single data packet - emails, files, web pages. If a hacker intercepts one packet, the key expires immediately. The next packet uses a completely new key. They can't unlock anything without cracking millions of maths calculations per second.
Which WPA should your business have
The National Cyber Security Centre (NCSC) recommends WPA3 for all new wireless network deployments. There are two modes for businesses. You should choose the mode based on your business size and security needs.
Personal mode
This is best for small businesses and teams with under 50 devices. It uses a pre-shared password or passphrase for authentication. Each device gets individual encryption keys, which means that one compromised device doesn't expose others. It's best suited for simple office Wi-Fi, retail or home workers. It works with Wi-Fi 6/7 and most routers since 2020 support it.
Enterprise mode
This is for medium to large businesses with 50+ devices or regulated sectors. It uses a more sophisticated method of encryption with individual authentication for each user or device. It is required for government contracts, financial services and healthcare sectors, and essential where cyber insurance mandates strong authentication.
Upgrading to WPA3
Most businesses can upgrade their networks to WPA3 without needing technical expertise. It involves logging into your router to change the security setting from WPA2 or WEP to WPA3, creating a strong password, saving the changes and reconnecting your devices. Most modern phones, laptops and printers work fine immediately.
If you're unsure how to do this, ask your ISP or IT support to enable WPA3 for you. WPA3 will work alongside your existing WPA2 devices during the upgrade, avoiding the need to replace all of your equipment at once.
It's important to note that even WPA3 is not impervious to threats. You should mitigate them via regular software upgrades, including patches to your operating systems and router firmware.
Keep in mind that wireless hardware manufacturers often supply their products with the security settings turned off. Make sure that you set the device up properly before using it. See 10 tips for better wireless network security.