For smaller businesses and organizations especially, the simple personal or Pre-Shared Key (PSK) mode of Wi-Fi Protected Access (WPA/WPA2) security is much more attractive over the enterprise mode. With the personal mode, it takes just a couple seconds to set the Wi-Fi password, and most users understand they have to enter it in order to connect via Wi-Fi. The enterprise mode of Wi-FI security, however, isn't so effortless. You must setup a RADIUS server for the 802.1X authentication and then create and give out unique login credentials to users.
That said, typically the personal mode of Wi-Fi security actually requires more work in the long-run to keep the network safe. Since there's only a single global password for everyone, it would need to be changed at least every time an employee leaves the company or organization and when a user loses a Wi-Fi device in order for the network to remain secure. Without changing the password, the ex-employee or thief could simply return to the workplace--even if from the parking lot--and connect to the Wi-Fi.
The enterprise mode of Wi-Fi security doesn't have to be difficult. There are hosted RADIUS services, for instance, that you can use so you don't have to invest time and money in deploying your own.
No matter which Wi-Fi security mode you use, ensure strong passwords are used. The longer and more complex, the better. Utilize both upper and lower case letters, numbers, and special characters. Certainly don't use words that would be in a dictionary.
Using a weak password with the personal (PSK) mode could make it very easy for someone to crack it. Though the AES encryption offered by WPA2 security is strong, all passwords are susceptible to brute-force dictionary attacks. This is where software repeatedly guesses the password using a dictionary of common words and phrases until it finds the correct password. That is why you don't want your password containing any word or phrase that could be in a dictionary.
The same vulnerability applies to passwords used for the enterprise mode of WPA2 security. However, there are a few more hoops a hacker would have to get through before they could attempt brute-force cracking attempts on the 802.1X passwords.
Don't forget about other network passwords as well, such as for your router, firewall, and access points. Ensure you change the default password on these network components to something strong. You don't want curious users getting to the network settings.
Hiding the SSIDs, or network names, of your wireless network may seem like it offers security benefits, as someone must have it before attempting to connect, but doesn't protect you from those really trying to get in.
Sign up for MIS Asia eNewsletters.