Use secure business-class WiFi routers. Wireless security starts with the choice of a wireless router that can ensure strict adherence to all security requirements and the functionality you need. Routers for home and business are different, so make sure that the selected model fully meets all your specific business requirements. The business-class WiFi router provides advanced configuration and bandwidth capabilities, as well as support for VLANs (Virtual Local Area Network, Logical Local Area Network), multiple SSIDs (Service Set Identifier, unique name for the wireless network), built-in VPN and much more.
Restrict access to routers
This seems obvious, but many companies have their WiFi routers installed where all company employees, and in some cases guests, have physical access to them. The danger of such errors of the project team is that a simple press of the reset button (RESET) will return the router to the factory settings and, thereby, will bypass any security measures that you previously installed on it. Therefore, for the safety of wireless networks, make sure that only authorized personnel are allowed to access the router physically.
Stay on top of the latest firmware and software updates
Make sure you always have the latest firmware update for your wireless routers. You also need to check the security software update for any of the devices that have access to your corporate WiFi network. Depending on the systems you have deployed, you can automate this process, which is very important for wireless security. Automation of updates is usually the best option for this kind of task, since your protection will no longer depend on the human factor. Thus, you will protect your WiFi network in a timely manner from any new vulnerabilities that are already detected or may appear in the hardware or software solutions you use.
Use WPA2 or WPA2 enterprise
The corporate version of WPA2 will give you more control, as you can set individual usernames and passwords for all your employees using your WiFi. This will require you to configure your own server. But even if you do not have enough experience or resources for this, such services can be outsourced. Thus, your wireless WiFi network will be protected with the help of WPA2 enterprise, and outsourcing provider will deal with all technical aspects.
Disable administering wirelessly on your routers
Of course, it’s much more convenient to administer the router wirelessly, but by leaving the “Admin Via Wireless” option enabled, you will provide attackers with a physically and potentially dangerous path to your network infrastructure that is more accessible to them. When this feature is disabled, only users directly connected to your router via an Ethernet cable will be able to access administrator functions.
Set up private access for employees and public access for guests
This way you split your network into two separate access points. A well-protected and configured corporate access point will be available only to your employees to carry out their work tasks, while your customers and guests can use a public access point to get wireless Internet access. This will eliminate the possibility of accidental or intentional access of guests to your system, including confidential information, as well as protect your corporate traffic from listening.