What do you do if you scan for rogue Access Points and find that the area is saturated by surrounding businesses with their own wifi?
I recently scanned for wifi networks and found 60+ networks just by walking around. I know some of the networks I will have to deal with such as printers, but how do you go about seeing if an ESSID is coming from my network or is a network from an adjacent business?
That is not easy to know... it is supossed that you know the ESSIDs and BSSIDs of your own business. You can check the entire list in first place to see if everything is matching. The procedure from this base could be the following:
If you have your list updated you'll know about any strange MAC on your ESSID. In the case the Rogue AP cloned one of your MAC addresses, you'll see one of your BSSIDs duplicated and that is a very suspicious thing that only can mean there is a rogue AP independently of where it comes.
Once located the data of the Rogue AP, the only method to know where is it, is to measure the signal strength and moving around you'll see if the signal is increasing or decreasing. AFAIK there is no other method.
I know if there are more than 60 networks, the scan list is an absolute chaos and is not an easy task. That's the reason about is important to audit regularly your wireless network to make the inventary of the legitimate Access Points. This is precisely one of the points on the known PCI Compliance. It forces to a company which is handling credit card and banking data to perform this auditory every 3 months. Anyway in my opinion is a good practice to perform this on any company even if is not handling banking data.
