Wireless networks are popular in small and midsized businesses because they are easy to set up and convenient to use. However, if a wireless network is not properly secured, hackers within range can access it and infiltrate your network.

Here are eleven ways you can lock down your business’s wireless network and keep hackers at bay:

1. Use a Strong Password for Your Wireless Router’s Administrator Account

Many wireless routers ship with a default password for the administrator account. It is important that you change the default password to a strong one that is at least eight characters long. The password should include uppercase and lowercase letters as well as numbers (but not in a predictable pattern). When possible, you should also include special characters, such as percent signs and asterisks.

2. Change Your Wireless Router’s SSID

A wireless network’s name is called a service set identifier (SSID). Many vendors ship their wireless routers with the same default SSID. Keeping the default SSID might signal to a hacker that your wireless network is not properly configured and vulnerable to attack. Because of this, you should change your network’s SSID to a unique name.

3. Make Sure Your Wireless Router’s Firewall Is Enabled

Most wireless routers have built-in firewalls, but sometimes they ship with the firewall turned off. You need to make sure that your router’s firewall is turned on. This is a good time to also check your firewall’s settings. Your IT service provider can help you determine whether your firewall is properly configured.

4. Use WPA2 for Wireless Communications

Every wireless router offers encryption. Encryption scrambles your data and makes it unreadable, except by the recipient. Three common encryption protocols are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and Wi-Fi Protected Access 2 (WPA2). Using WPA2 is best because it employs the hardest-to-crack encryption algorithm. If you have an older router that does not support WPA2, you can use WPA. Do not use WEP as it is outdated and easily hacked.

5. Disable WPS If You Are Using a Consumer-Grade Wireless Router

It is not uncommon for businesses to use consumer-grade wireless routers. These routers often include Wi-Fi Protected Setup (WPS), which provides a user-friendly front-end for encryption protocols such as WPA2. With WPS, users can connect a device to a wireless network by simply pushing a button or entering a personal identification number. However, hackers can exploit a vulnerability in WPS to gain access to wireless networks. So, if your wireless router supports WPS, disable it.

6. Disable Your Wireless Router’s Remote Management Feature

Many wireless routers have a feature that lets you manage them from a remote location. Unfortunately, it often leaves routers susceptible to attacks. For this reason, you should disable remote management if you do not need to use this feature.

7. Make Sure Wi-Fi Sense’s Network-Sharing Functionality Is Disabled on Windows 10 Devices

Windows 10 and Windows 10 Mobile include a feature called Wi-Fi Sense. Besides helping users find open Wi-Fi hotspots, this feature lets them share their Wi-Fi networks, without sharing those networks’ passwords. Users can share their Wi-Fi networks with their contacts from Facebook, Skype, and Outlook.com. However, users cannot specify individuals within a group (e.g., within Facebook) — the network is shared with all the contacts in that group.

Although the contacts can only use the network to get online, you might not want your employees sharing your business’s wireless network. If that is the case, you need to make sure Wi-Fi Sense’s network-sharing functionality is disabled on your Windows 10 and Windows 10 Mobile devices.

8. Consider Using MAC Address Filtering

Each device that is able to connect to a Wi-Fi network has a unique ID called a Media Access Control (MAC) address. You can configure your wireless router to check the MAC addresses of devices trying to connect to it, allowing connections only from the devices it recognizes. Admittedly, it takes time and effort to enter the MAC addresses of all the devices allowed to access your wireless network, but your network will be more secure.

9. Keep the Wireless Router’s Firmware Updated

Every wireless router has firmware. Firmware is software that gives the device its functionality. Like any other type of software, firmware sometimes has bugs or security vulnerabilities. When you keep your wireless router’s firmware updated, known bugs and vulnerabilities are fixed, making your router more secure.

10. Log Out of the Wireless Router’s User Interface

Most wireless routers have a browser-based user interface, which people use to configure router settings. If you leave this interface open and someone gets access to your computer, your router is vulnerable. Thus, you should always log out when you are finished configuring the router.

11. Protect the Computers That Access Your Wireless Network

Despite your best efforts, hackers may still infiltrate your wireless network. For this reason, you need to use anti-malware software on all the computers that access your wireless network. In addition, you need to keep those computers’ operating systems and applications updated so that known bugs and security vulnerabilities are patched.