Network
Business Wi-Fi Security Checklist
Lock down your wireless network before an attacker in your parking lot does it for you.
📡 All routers / APs⏱ 45–90 min👤 IT Admin or Owner
Your Wi-Fi network is the front door to your business. If it's misconfigured, every device on the network — computers, point-of-sale systems, security cameras — is potentially reachable by anyone in your parking lot. This checklist closes the obvious gaps.
1. Router / Access Point Access
-
Log in to your router admin panel and change the default admin passwordThe default credentials (admin/admin, admin/password) are published online. Change them immediately.
-
Disable remote management / WAN-side admin accessUnless you specifically need to manage the router from the internet, turn this off.
-
Update the router firmware to the latest versionManufacturers patch known vulnerabilities in firmware. Check the admin panel or manufacturer site.
2. Wireless Network Configuration
-
Set the encryption standard to WPA3 or at minimum WPA2-AES (not TKIP, not WEP)WEP and TKIP are broken. If your hardware only supports these, it's time to replace it.
-
Set a strong Wi-Fi password — 16+ characters, not your business name or addressUse a random passphrase. Change it when employees leave.
-
Disable WPS (Wi-Fi Protected Setup)WPS has known vulnerabilities. Disable it in the router admin panel.
-
Change the network name (SSID) to something that doesn't identify your business or hardware brandDon't broadcast 'LinksysRouter' or 'OceanSpringsLaw' — both are useful to attackers.
💡 MTDS tipIf you're running UniFi gear, MTDS can configure your SSIDs, VLANs, and guest isolation remotely. We standardize on UniFi for all our managed clients — it gives us granular control most consumer gear can't match.
3. Guest Network Isolation
-
Create a separate guest Wi-Fi network for customers and visitorsGuest devices should never be on the same network as your business systems.
-
Enable client isolation on the guest network so guest devices can't see each otherThis prevents one guest from sniffing another guest's traffic.
-
Ensure guest network cannot reach your internal network (file shares, printers, NAS)Verify with a test device — connect to guest, try to access your internal printer or file share. It should fail.
4. Network Monitoring
-
Review connected devices list monthly — look for unfamiliar devicesYour router or UniFi controller lists every connected device. Anything unrecognized warrants investigation.
-
Consider enabling intrusion detection / IDS if your hardware supports itUniFi's Threat Management and most business-grade firewalls offer basic IDS at no extra cost.
⚠️ Heads upPublic-facing Wi-Fi (coffee shop, waiting room) should always be on a separate VLAN or guest network completely isolated from your operations network. Assume guest users are hostile.
Want a professional network audit?
MTDS can assess your current Wi-Fi setup, identify vulnerabilities, and implement a properly segmented network using enterprise-grade UniFi hardware.
Talk to MTDS