PPRuNe Forums - View Single Post - I've told my Router my MAC address, do I still need WEP / WPA??
Old 13th Jun 2007, 20:52
  #4 (permalink)  
IO540
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
Not to disagree with the above advice, but let me make a few points:

While a MAC-based whitelist is very insecure, it will keep out at least 99% of casual Joe Publics who get a new laptop home, switch it on, and hey presto "I have free internet!!!" on the back of your service. It also never creates any incompatibility, IME.

I would do WEP (64-bit) in all cases. Yet it's true that a hack was published a couple of years ago, which involves forcing the access point to transmit a huge number of messages and, after a gig or two of data have been emitted, revealing enough data to crack the key. But 99.999% of people won't know how to do this, and why should they bother when they can drive another 20 yards down the road and get a totally open service by parking outside that house?

Beyond WEP, going to the much more secure WPA/PSK, you get compatibility issues. Even today, a lot of kit doesn't work with it. I have had numerous laptops which don't connect unless you reboot them while the access point is active (ok for many people, fair enough). Also anything slightly older won't support WPA so you have to set the access point to the lowest common denominator anyway (WEP). The plot thickens further given that WPA support is normally done within XP and not by the wifi network hardware, but 3rd party wifi cards usually come with their own software....

The final measure, disabling SSID broadcast, is nice (it makes your network invisible to most people) but creates much incompatibility. This requires the SSID and password etc. to be preconfigured in the PC (obviously) but a lot of PCs will never find the access point anyway. I have a brand new XP machine right here (a Motion LS800 tablet) which doesn't find it.

Finally, the SSID will be visible to anybody within range, so I choose an SSID which does not reveal my address. I tend to use some filthy phrase.

If you have seriously sensitive data then you need to do this properly, and corporate users don't use even WPA/PSK.