An important first step when setting up a network is to change the default password for your router. A router's default password is usually published on the manufacturer's website, making it easily discoverable by would-be attackers. Choose a new, strong password that is at least eight characters long, difficult for others to guess, and isn't re-used for any other service your business uses.
It's also wise to disable 'remote configuration' of your router. Disabling this feature ensures your router can only be managed from a computer within your network rather than from a person logging in from the internet.
Your office network has a name, known as an SSID. These are the network names you typically see when you're travelling, or are in a public place, and looking for a Wi-Fi network to connect to.
Limit the ability for unauthorised users to find or access your network by disabling the SSID broadcast. You'll need another way to communicate the name of your wireless network to new users - perhaps you can simply tell them.
Find the 'disable the SSID broadcast' option in your router's settings.
To prevent unauthorised access to your networked files, wireless communications between the computers on your network should be encrypted. Encryption scrambles your data so only the devices that are authorised to use the network can read it.
Setting up encryption on your network is usually done through the 'Wireless Security' settings on your router. It typically involves selecting the type of encryption for your network, and creating a network password or key.
WPA2 is currently the most secure type of encryption for small business and home routers, provided it is combined with a strong password. Users are asked for a password when connecting to the network for the first time, but won't be asked on future occasions.
Less secure encryption options such as WEP should only be used on older routers where WPA2 (or WPA) is unavailable.
It's a good idea to regularly change your network password. Doing so will prevent staff members that have left the business from having ongoing access to the network.
When guests pop in to the office - be they temporary staff, contractors or friends - it's common to offer them network access so they can use the internet.
Look for options on your router that offer visitors access without granting access to other network resources such as servers or printers. Most routers call this 'Guest Access'.
Modern routers can usually create a separate network that gives connected devices access to the public internet but nothing else. You'll find these options within your router's wireless security settings.
Modern routers come with a range of features.
Services like FTP, UPnP and WebDAV are useful for specific applications. But if you don't need these services, don't turn them on.
Each enabled service is a potential opportunity for unauthorised users. It's what security experts call the "threat surface" and the best approach to data defence is to make that surface as small as possible.
It's good practice to maintain an inventory of approved devices and update this list any time a device is added or removed from the network. Regularly comparing your network against this list and removing access to devices that are unknown or not approved will improve the security of your business.