When your internet provider installs a router, it comes preconfigured with default settings designed for easy setup — not security. The default admin password is often printed on a sticker on the device. The network name reveals the router brand. Wi-Fi Protected Setup is usually enabled. These defaults exist so that anyone can get online quickly. They also mean that anyone with a few minutes and a search engine can get onto your network just as easily.
If an unauthorized person gains access to your Wi-Fi network, they are inside your perimeter. From there the possibilities include monitoring all unencrypted traffic flowing across the network, intercepting login credentials sent over non-secure connections, accessing shared drives, printers, and networked devices, launching attacks against individual machines on the network, and using your internet connection for illegal activity — with your IP address attached to it.
This does not require a sophisticated attacker. Wardrivers — people who drive around scanning for accessible networks — are a real phenomenon. So is the disgruntled former employee who still remembers the Wi-Fi password. The neighbor who borrowed your password and never lost it. The customer who sat in your waiting room and captured your network details. The risk is closer than most business owners realize.
Every change in this guide is made through your router's administration interface. Here is how to get there:
The admin password is separate from the Wi-Fi password. It controls who can change your router's settings. Default admin credentials — admin/admin, admin/password — are publicly listed for every router model. Anyone who can reach your router's admin interface with those credentials can reconfigure your entire network.
Find the admin password settings (usually under Administration, Management, or System) and replace the default with a strong, unique password. Store it in your team's password manager. This is the most important change you will make.
Wi-Fi encryption determines how data is scrambled as it travels between devices and your router. Older protocols — WEP and WPA — have known weaknesses and can be cracked in minutes with widely available tools. You need WPA2 at minimum, and WPA3 if your router supports it.
In your router settings, look for Wireless Security or Wi-Fi Security and confirm the security protocol is set to WPA2-AES or WPA3. If you see WEP or WPA (without a number), change it immediately. While you are there, make sure your Wi-Fi password is at least 16 characters — a random mix or a long passphrase.
Your network name (SSID) broadcasts publicly to anyone nearby. If it contains your router's brand name — NETGEAR-1234, Linksys-5678 — it tells attackers exactly what hardware you are using, which helps them select the right attack tools. If it contains your business name, it makes you easier to target specifically.
Change your SSID to something that does not reveal the router brand or your business identity. Something generic that does not stand out is fine. What matters is removing the identifying information.
Wi-Fi Protected Setup (WPS) is a feature designed to make connecting devices easier by pressing a button or entering an 8-digit PIN. The PIN-based WPS has a well-documented vulnerability that allows an attacker to crack the PIN in hours and gain full network access regardless of how strong your Wi-Fi password is.
Disable WPS entirely. Look for it under Advanced Wireless Settings or Wi-Fi Protected Setup and turn it off. You will connect new devices by entering the Wi-Fi password the normal way — a minor inconvenience compared to the exposure WPS creates.
If clients, customers, or visitors ever connect to your Wi-Fi, they should not be on the same network as your business computers and shared drives. A guest network gives them internet access while keeping them isolated from everything else on your network.
Most modern routers include a Guest Network feature. Enable it, give it a different name and password from your main network, and make sure the setting that prevents guests from seeing other network devices is turned on. The guest password can be changed periodically — or even posted publicly in your waiting area — without ever touching your main network credentials.
Router manufacturers release firmware updates that patch security vulnerabilities. These updates are not applied automatically on most routers. Check your router's administration interface for a firmware or software update option, and run it now if an update is available. Then set a reminder to check again every few months.
If your router is more than five years old, it may no longer receive security updates from the manufacturer. An unpatched router is a permanent vulnerability. Replacing aging network hardware is one of the most cost-effective security improvements a small business can make.
For businesses with higher security requirements — those handling health records, legal documents, financial data, or payment card information — basic Wi-Fi hardening may not be enough. Network segmentation separates your network into isolated zones: one for workstations, one for servers, one for guests, one for IoT devices like printers and security cameras. Even if an attacker gets onto one segment, they cannot move laterally to the others.
This level of configuration typically requires professional setup. It is one of the things we handle for clients whose risk profile warrants it.
We assess and harden small business networks as part of every engagement — configuring your router, segmenting your traffic, and eliminating the gaps that put you at risk.