Your office Wi-Fi probably works fine. That's the problem. When it works, nobody looks at it — and that's exactly what attackers count on. Most small business Wi-Fi gets set up once and then runs untouched for years, quietly collecting risk the whole time. The threats aren't theoretical, either. Variants of Mirai — first written to create botnets — remain one of the most popular forms of malware attacking internet-connected devices worldwide. Most of these attacks don't need a genius hacker. They need a router nobody checked. Here are five signs yours might be one of them — all of which you can spot yourself or ask your IT person about today.
Sign 1: You've Never Changed the Default Password on the Router or Access Point
Every router and access point ships with a built-in admin login. Not your Wi-Fi password — the password that controls the device itself. If nobody changed it when it was installed, it's likely still the factory default. And factory defaults aren't secret. They're printed in manuals, listed on websites, and built into automated attack tools.
This is the single most common way small business networks get taken over. Routers make excellent targets for botnet operators because they are often deployed with default credentials enabled, easily allowing a remote threat actor to log into the device and compromise it. The attack tools simply try the known logins, one device after another, until one opens.
Think of it like the building's master key. You changed the lock on the front door — your Wi-Fi password — but the master key that opens everything is still the one that came taped to the box. Anyone who's seen that box has it. Ask your IT person one question: "Did we change the admin login on our network gear?" If the answer is "I think so" or "not sure," treat that as a no.
Sign 2: Guests, Staff, and Devices All Connect to the Same Wi-Fi
If a customer in your waiting room and your accountant's laptop are on the same Wi-Fi network, you have a problem. One network means everything can talk to everything. A guest's malware-infected phone, a smart thermostat, the security camera, your file server — all in the same room with no wall between them.
A guest network isn't a courtesy feature. It's a wall. It lets visitors get online while keeping them away from the computers that hold your business data. Without that wall, one compromised guest device can become a path to everything else. This is the same reason the cheap, connected gadgets matter so much — they're easy to break into and rarely watched.
Picture an office where every interior door has been removed. People can get work done, but anyone who walks in the front can wander into any room, including the one with the safe. A guest network puts the doors back. Ask: "Is our guest Wi-Fi separated from our business network, or is it all one network?"
Sign 3: You're Relying on Older Wi-Fi Security on Hardware That's Years Old
Wi-Fi security has versions, like anything else. Older equipment often runs an older standard called WPA2. WPA2 isn't worthless, but it has a known, documented weakness — and on old hardware that never got updated, that weakness may never have been fixed.
The flaw is real and it's been public since 2017. It's called KRACK, and it carries official tracking number CVE-2017-13077 — a reinstallation of the pairwise encryption key in the 4-way handshake. In plain terms: an attacker within Wi-Fi range may be able to decrypt network traffic, hijack connections, and inject content into the traffic stream. Devices that got patched are fine. Devices that never got an update — common with older access points — may still be exposed years later.
"Most office networks don't get hacked because someone was clever — they get hacked because nobody was looking."
It's like a lock recall. The manufacturer admitted a defect and sent out a fix. If your locksmith installed the fix, you're good. If your locks are old enough that nobody ever came to fix them, you're still using the defective ones. Ask: "What Wi-Fi security are we running, and is our equipment new enough to have received the KRACK fix?"
Sign 4: Nobody Can Tell You What's Actually Connected to Your Wi-Fi
Here's a simple test. Ask whoever runs your network to show you a list of every device currently connected. If they can't, that's the sign. You can't protect what you can't see. An unknown device on your network might be a forgotten printer — or it might be someone who shouldn't be there at all.
This matters because attackers want quiet, long-term access. What they want is an infected device they can route malicious traffic through, conduct attacks, or add to a botnet — and then leave it running for months. A device doing that won't announce itself. It just sits there, connected, looking normal. Without visibility, it stays there indefinitely.
Think of it as a guest list at a private event. If you have one, you notice the person who doesn't belong. If you don't, anyone who slips in just blends into the crowd. Ask: "Can we see a list of every device on our network right now, and do we recognize all of them?"
Sign 5: The Wi-Fi Password Hasn't Changed in Years — and Neither Has the Firmware
Two related habits, one root cause: set it and forget it. The shared Wi-Fi password — the one written on a sticky note and handed to every new hire, vendor, and intern — was probably set when the office opened and never changed. Every person who's ever had it still has it. Former employees included.
The bigger issue is the firmware, the software inside the router itself. Manufacturers release fixes for it, but only if someone installs them. A large proportion of routers are never updated, leaving vulnerabilities unpatched for months or years. The danger is that the fixes are public, which tells attackers exactly what to look for. Vulnerabilities exploited by malware are often previously disclosed — routers simply remain unpatched because nobody ever applied the update.
It's like a recalled appliance. The recall is published, the fix is free, and the part is sitting on the shelf — but until someone installs it, the appliance is still the one named in the recall. Ask two questions: "When did we last change the Wi-Fi password?" and "When was the firmware on our network gear last updated?" If either answer is "years ago" or "never," that's your sign.
What to Do If You Recognized Any of These
None of these five signs require you to become a security expert. They require you to ask a few plain questions and take the answers seriously. If you went through this list and hit a "not sure" or a "years ago" more than once, that's not a reason to panic — it's just a clear picture of where to start.
- Ask your IT person to confirm admin credentials have been changed on all network equipment
- Verify guests connect to a separate network from your business systems
- Find out when firmware was last updated — and schedule a review if nobody knows
- Get a list of every device currently on the network and confirm you recognize them
- Rotate the Wi-Fi password and limit who has it going forward
At Brewed Security, we work with businesses across Cincinnati, Dayton, and Northern Kentucky to check exactly these things and lay out what to fix first — in plain English. If you'd like a straight read on where your Wi-Fi stands, we're happy to take a look.
Brewed Security Consulting
Not sure if your Wi-Fi is actually secure?
We'll sit down with you, walk through your wireless setup, and give you an honest picture of what we find — in plain English, no jargon, quoted upfront. The first call is always free.
Schedule a Free Conversation