Just wanted to add a couple of things...
May or may not be helpful, so... use what's useful, ignore what isn't I suppose.
If your wireless router has a PIN based WPS set-up, toss it overboard. Push-button is more secure, with physical security being the main issue. That might be more of a concern on a boat than in a house. Just saying. If your router allows you to, you're better off just disabling it in the set-up screen, although in fairness, a lot of Netgear & Linksys products will still have it running anyway, even AFTER you thought you disabled it. Yeah, I know... big PITA.
You should use WPA2 with AES.
Not WPA and not TKIP.
Go for full WPA2/AES.
And since you aren't going to be implementing a RADIUS server (don't ask), use a nice long pass-phrase, not your dog's birthday or grandson's middle name. Some obscure memory involving a combination of places and dates that nobody except you and your spouse would ever think of is usually a good option.
Now of course...
None of that matters if you're connecting your client to someone else's hotspot. If that's what you do and you need to do stuff like bill paying and banking...
Consider a cellular card instead.
If God didn't want me to walk on the grass, he wouldn't have left it on the ground.