Do You Know Who's on Your Network?

Could you tell me exactly who has access to your company's network?

If you’re not sure, or if you have to stop and think about it, that’s something worth fixing. As the person responsible for IT, you need to know who and what is connecting to your systems at all times.

We live in a world where everything is connected. Cables cross oceans, run under streets, and link buildings together. But the real danger often comes from much closer to home. The truth is, the final stop in your network’s connection might be the most vulnerable part.

If you haven’t figured it out yet, I’m talking about Wi-Fi. More specifically, IEEE 802.11b Direct Sequence, better known as wireless networking. It’s everywhere now, built into our phones, laptops, cameras, and smart devices.

In this post, I’m going to walk you through the basics of making your Wi-Fi network more secure. We’ll cover default settings, encryption types, guest access, remote management, and why updates matter. Let’s start at the beginning.
 

1. Change the Default Settings

Think about the most common username and password combinations:

• admin/admin
• admin/password
• root/root
• user/user
• admin/1234

If your credentials are anywhere close to these, stop reading and go change them right now. Then come back.

Default login settings on routers, firewalls, and access points are widely documented. That means attackers know what to try first. Leaving these settings unchanged makes your network a very easy target.

To fix this, change both the username and password to something unique. Do not reuse your Wi-Fi password for admin access. Also, make sure your Wi-Fi password itself is strong. Use a mix of uppercase and lowercase letters, numbers, and symbols. While you're at it, check for firmware updates and install them regularly. Once a vulnerability becomes public, attackers move quickly.

2. Use the Right Wi-Fi Encryption

If you have the option to choose WPA3, use it. If not, WPA2 is the minimum you should be using, with a strong password.

Here’s a quick breakdown of the most common encryption types so you understand why WPA3 is best.

WEP (Wired Equivalent Privacy)
Introduced in 1997, WEP relied on the RC4 encryption algorithm, which was cracked even before WEP was released. It’s outdated and highly insecure. You should never use it.

WPA (Wi-Fi Protected Access)
WPA came along in 2003 to replace WEP. It used TKIP encryption and was a big improvement, but it still has known weaknesses and should be avoided if possible.

WPA2
Released in 2004, WPA2 is much more secure thanks to AES encryption. It remains the most commonly used standard today and is usually seen as WPA2-PSK for personal use or WPA2-Enterprise for business networks. While it is stronger than WPA, it still has some vulnerabilities, such as the KRACK exploit.

WPA3
This is the latest and most secure standard. Released in 2018, WPA3 defends against dictionary attacks and makes it easier to securely connect new devices. Versions include WPA3-Personal, WPA3-Enterprise, and Wi-Fi Enhanced Open for public networks. Adoption is still growing, but it is well worth using if your equipment supports it.

3. Create a Guest Network

Here’s a quick question. Do you want guests in your office to have access to your company files or internal systems?

Most people would say no.

Setting up a separate guest network is the easiest way to prevent that. Most routers, firewalls, and access points allow you to create a second network specifically for guests. This lets visitors get online without giving them access to sensitive data or devices.

Even better, you can set rules to block communication between the guest network and your main network. This simple step reduces risk while still providing access for clients or partners who stop by.

4. Disable or Restrict Remote Management

Did you know your router has a public-facing IP address? You can check yours by visiting whatismyipaddress.com.

If remote management is enabled by default, someone could try to log in from anywhere in the world. That is not something you want left open.

To protect yourself, turn off remote management unless it’s necessary. If you need it for support from your Managed Service Provider (MSP), set up access so only their IP address can connect. Always use strong credentials and multi-factor authentication if available.

These small changes can significantly reduce your network’s exposure.

5. Stay on Top of Updates

If I’ve said it once, I’ve probably said it a thousand times: update your hardware.

That means routers, modems, access points, firewalls, and switches. Any device that connects to your network and has a chip in it should be checked for firmware updates regularly.

You don’t have to update everything immediately. Set a recurring time, maybe once a week, to check for available patches. Pick a day when you can do the updates after hours or early in the morning. It doesn’t take long, but it can make a huge difference in your network security.

Patches exist for a reason. Once a vulnerability is made public, it doesn’t take long for bad actors to start scanning the internet looking for unpatched systems.

Final Thoughts

Securing your business network isn’t about being perfect. It’s about being consistent. Make the small changes that protect your systems over time.

Here’s a quick checklist:

• Change all default settings and passwords
• Use WPA3 if possible, or WPA2 with a strong password
• Separate guests from your main network
• Lock down or disable remote access
• Keep your network devices updated

These steps are straightforward, but often overlooked. If you need help implementing them or want someone to manage it for you, MSP Shift is here to help. Our team makes IT easier by giving you peace of mind and better security.

 

Helpful Resources

• What does Wi-Fi stand for? – New Scientist
• Wireless encryption basics – TechTarget