For most purposes the combination of the following two security measures will suffice:
- WPA2 (AES) with a reasonably long password (12+ characters with non-dictionary words and letters)
- A unique SSID of good length with non-dictionary and non-company-name words/letters.
This is all you need and your network will unlikely be overcome by even the most seasoned hacker from the
wireless side. Obviously if your computer is virus/trojan infested or if you use Internet Explorer, then your chances of leaking information through the
Internet side through phone-home software skyrockets.
MAC address filtering and SSID hiding can be overcome by a novice with any of the dozens of automated hacking programs that are a google search away, and should only be used as
temporary measures if you're unable to utilise WPA2 for whatever reason in the short-term.
They have the added disadvantage of being a headache and obstacle when you're trying to legitimately manage a dozen wireless devices on your network (phones, laptops, tablets, TV/media players, etc).
Recommendations to use just MAC filtering or SSID hiding based on anecdotal evidence of "I haven't been hacked yet" is unfortunately doing other people here a disservice, as they may be in more dense areas where there are more "eyes" that may take an interest in the network.