Wi-Fi is becoming a must-have for businesses of all sizes. You'd be hard-pressed to find a cafe, hotel, or auto dealership without free public Wi-Fi; other types of businesses need Wi-Fi - picture your typical office setting - because workers need Internet connectivity even when they move around the office, on their laptops and mobile devices.

For small businesses, Wi-Fi networks are deceptively simple to set up. But using consumer-grade Wi-Fi access points in your business with the out-the-box defaults could put all your employees and customers, and your business, at risk.

Getting Wi-Fi security right is essential for small businesses especially. Here are three key things small businesses should know about securing Wi-Fi.

1. Use WPA2 with EAP-TLS security

Make sure to use WPA2 when you set up your network. WPA2 encryption is strong enough to prevent snoopers sniffing your data over the air. To make sure only legitimate users can access the network, combine it with EAP-TLS authentication.

Open Wi-Fi networks are inherently unsecure. There is nothing to prevent snoops from spying on your network traffic, or cybercriminals tricking your users into visiting a website under their control. The security setting known as WEP is also insecure – it can be cracked in minutes.

EAP-TLS is preferable in a business environment because it uses certificates rather than a a pre-shared key (PSK) - a password - to validate users.

2. Wi-Fi networks should be firewalled from the rest of your network

Even if you have strong encryption, Wi-Fi networks should be firewalled from your servers and the rest of your network. Business networks often need to support visitors and contractors as well as employees - all of whom need varying levels of access. Make sure you have a second guest network that’s completely isolated.

Without proper access controls anybody and everybody can connect to the network, putting sensitive data at risk.

3. Watch out for rogue hotspots

You need to be conscious of rogue hotspots and devices. Rogue Wi-Fi at the least is stealing spectrum and slowing your network down. At worst, someone could tempt you or your employees to connect to a rogue hotspot that's the same name as your corporate network, which could be used to attack you just like on an unsecure open network.

7 Deadly IT Sins

Unsecure Wi-Fi is one of Sophos's 7 Deadly IT Sins. You can read more about that and the 6 other sins on the Sophos website here.