Securing business Wi-Fi routers

Small to medium sized businesses are prime targets for hackers and scammers. They don’t usually have the technical resources of larger companies but have more to lose, or to steal, than individuals. 

If you want to minimise the risks of being hacked and protect what’s yours, securing your router is paramount.

The good news is, we’ve teamed up with Broadband Genie to create this guide that has all the information you need to secure your own business Wi-Fi router!

Why are routers targeted?

Routers are like the front door to your business. They offer a point of entry for anyone who wants to try to enter your network. That makes them prime candidates for attack.

Break your router security and your network is open for anyone to explore.

A mixture of parts shortages means we are using older routers for longer. A lack of expertise and the availability of hacking tools means there are more risks out there than ever before.

All combine to make business routers prime candidates for attack.

Simple steps to help protect your business

So that’s the why of router security, now let’s get to the how.

You will need access to your router’s administration dashboard to perform many of these steps. Each router is different so will have different ways to access the dashboard. 

Check your router’s manual for specifics for your make and model.

Change the administrator password

The first thing you should do whenever you buy a new router is change the administrator password. Default router passwords are widely known and are frequently published online.

Therefore, your first task is to change the password to something difficult to guess. Make sure it’s long (12 characters at least, but the longer the better), and don’t use individual words. A mix of random characters is best, and you should use a password manager to store it so you don’t need to worry about remembering it.

Check and change the Wi-Fi password

If you use Wi-Fi at work, you should change that password too. Like administrator passwords, default Wi-Fi passwords are well known or easy to guess. 

Changing the Wi-Fi password to something secure is the second best thing you can do to improve security after changing the admin password.

Your router should have a Wi-Fi section within the dashboard and the option to change the password. Create a strong password and save the change.

Update the router firmware

Router firmware is like computer software. It’s what controls the hardware and provides features for you to use. Firmware updates can also include security patches to improve existing security or to fix vulnerabilities discovered after release.

Most routers have a firmware update option within the administrator dashboard. Some will download it automatically while others may require manual download. 

Follow your manufacturer’s instructions as appropriate.

Make sure Wi-Fi uses at least WPA2, ideally WPA3

WPA2 and WPA3 are encryption protocols used by Wi-Fi routers to keep your traffic secure. It is vital to use the latest version in order to protect your Wi-Fi traffic.

Most newer routers should automatically use WPA2 or WPA3 security. WPA2 is strong security used on current and older routers. WPA3 is a newer security protocol that protects Wi-Fi traffic.

Check the Wi-Fi areas of your router dashboard and use WPA3 if you have the option or WPA2 if you don’t.

Use HTTPS to access the router administration dashboard

HTTPS is a secure protocol for web access and should be default for all websites. It should also be default for accessing your router administration dashboard, as it protects you against eavesdropping.

HTTPS encrypts all connections between your browser and the website, in this case, your router. 

Your admin dashboard should include the option to use HTTPS within the main settings area.

Restrict administrator access to wired connections

Many newer routers have the option to not allow access to the administrator dashboard using Wi-Fi. This is to help protect your network from external hacking and is a very useful method of protecting your business network.

It means only someone connected to the router using an Ethernet cable can access the admin panel, which is an excellent security precaution.

If your router has this option, you should see it in the main settings area along with HTTPS access.

Disable WPS

WPS, Wi-Fi Protected Setup, is a legacy setting that means anyone who can press a button on your router can join your network. While lower risk than many of these other settings, it’s still a theoretical weakness, especially if you regularly have visitors in your workplace.

There should be a setting within the main settings area of your administrator dashboard to enable or disable WPS. We recommend disabling it.

Use a guest network

If you provide Wi-Fi to visitors, you should create a guest network. This keeps your business network entirely separate and means a visitor using Wi-Fi should not be able to access anything to do with your business.

Most routers will have the option for guest networks but will go about creating them in different ways. 

This is another of those ‘read the manual’ moments. Check your manual and follow the instructions for creating a guest network.

Upgrade the router

If you have an older router that doesn’t have WPA2 or WPA3, no longer receives firmware updates or has slow Wi-Fi speeds, perhaps now is a good time to upgrade.

Routers are in short supply right now but they are still available. 

New routers should have better security, support for new faster Wi-Fi speeds, WPA3 encryption and perhaps more. If your router is more than a few years old, perhaps now is a good time to upgrade!