Upgrade to WPA2-Enterprise Wi-Fi Security - Small Business Computing

Upgrade to WPA2-Enterprise Wi-Fi Security

Written By
Eric Geier
Eric Geier
Apr 19, 2012
3 minute read

Your small business’s Wi-Fi security is crucial. When you leave your wireless router or access points (APs) completely unprotected, anyone within range of the signal can connect to your wireless Internet, capture your traffic, and possibly access your computers and other network resources. And if you’re using an older network security standard, the security could possibly be hacked, bypassed, and otherwise not provide adequate protection.

You may have been told not to use WEP security as it can be quickly cracked, and that you should instead use Wi-Fi Protected Access: the first version, WPA, or the latest, WPA2. However, you should also understand there are two very different modes, both of which can be used with WPA and WPA2.

1. Personal Mode or Pre-shared Key (PSK)

Personal mode is easiest to setup and requires that you create a simple password on your wireless router or APs then enter it into computers and wireless devices when connecting to the Wi-Fi. Though WPA2 provides strong encryption and security and is potentially uncrackable by hackers if you use a long and strong password, the Personal Mode doesn’t provide adequate protection for businesses with more than a couple of Wi-Fi users.

Since the Wi-Fi password is saved into the computers and devices, if they’re lost, stolen, or an employee leaves the company, anyone can come back to your business and connect to your Wi-Fi. To prevent this you would have to change the Wi-Fi password on all your wireless routers/APs and on each Wi-Fi computer and device.

Additionally, your Wi-Fi network could be susceptible to other vulnerabilities when using this mode, like network users eavesdropping on each other’s traffic and the Wi-Fi Protected Setup (WPS) PIN security hole.

2. Enterprise Mode, or 802.1X or RADIUS Mode

Enterprise mode provides adequate protection for businesses, however it is more complicated to setup, and it requires an external server called a RADIUS or AAA server. Instead of creating a global password on the Wi-Fi routers or APs, each user can receive unique login credentials. You can assign users their own username and password and/or a file (digital certificate) that they install on their computer or device.

Even though users can save these to their computers or devices, if the device is lost or stolen — or the employee leaves the company — you can easily revoke access or change the login credentials on your RADIUS server. Using this mode also prevents other types of attacks, like users eavesdropping on each other’s traffic and the Wi-Fi Protected Setup (WPS) PIN security hole.

Keep in mind that 802.1X authentication can also be implemented on the wired side of your network as well, so users plugging in via Ethernet must also provide login credentials before being granted access. However, wired 802.1X isn’t supported on consumer-level and even some small business-level routers. If you want to use 802.1X on the wired side, your switches must support it.

Small Business Computing Logo

Small Business Computing addresses the technology needs of small businesses, which are defined as businesses with fewer than 500 employees and/or less than $7 million in annual sales. To address the needs of these small businesses, Small Business Computing offers detailed coverage of cost-effective technology solutions, including lists of top vendors, product comparisons, and how-to guides that offer specific tools to help solve issues.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.