Secure wireless network: top tips for secure Wi-Fi

4.Provide a separate network for guests

If your business allows visitors to use Wi-Fi, it's sensible to offer a guest network. This means that they can connect to the internet without getting access to your company's internal network. This is important both for security reasons, and also to prevent them inadvertently infecting your network with viruses or other malware.

One way to do this is by using a separate internet connection with its own wireless access point. In fact this is rarely necessary as most business grade wireless routers have the capability of running two Wi-Fi networks at once - your main business network, and another for guests (often with the SSID "Guest".)

It makes sense to turn on WPA protection on your guest network - rather than leave it open - for two important reasons. The first is to provide some level of control over who uses it: you can provide the password to guests on request, and as long as you change it frequently you can prevent the number of people who know the password growing too large.

But more importantly, this protects your guests from other people on the guest network who may try to snoop on their traffic. That's because even though they are using the same WPA password to access the network, each user's data is encrypted with a different "session key," which keeps it safe from other guests.

5.Hide your network name

Wi-Fi access points are usually configured by default to broadcast the name of your wireless network - known as the service set identifier, or SSID - to make it easy to find and connect to. But the SSID can be also be set to "hidden" so that you have to know the name of the network before you can connect to it.

Given that employees should know the name of your company Wi-Fi network, it makes no sense to broadcast it so that anyone else who happens to be passing by can easily find it too.

It's important to note that hiding your SSID should never be the only measure you take to secure your Wi-Fi network, because hackers using Wi-Fi scanning tools like airodump-ng can still detect your network and its SSID even when it is set to "hidden."

But security is all about providing multiple layers of protection, and by hiding your SSID you may avoid attracting the attention of opportunistic hackers, so it is a simple measure that is worth taking.