Posted by: Heather Shy on May 25, 2018 at 8:00 am
Don’t we all love when we’re visiting a business that offers a free guest Wi-Fi network? But does it benefit your business to offer free Wi-Fi to your guests?
Often, it does. If you have customers choosing to spend part of their free time in your establishment, the ability to read email, check social media notifications, or get some work done is almost essential. Even vendor reps and other sales people appreciate the opportunity to access their own files and other data.
In fact, it can be a security risk not having a guest Wi-Fi network. How so?
From time to time, visitors may want or need internet access. Some of them will ask your employees for your company’s wireless password. If you don’t have a pre-secured guest network set up for them, which network are they asking to log into?
That’s right – your business servers, network, and data. You do not want that to happen. That’s why having a designated, security-configured guest Wi-Fi network may be a good idea for any business.
However, when setting up your guest Wi-Fi network, there are some definite security items to keep in mind.
Configuration Guidelines for Guest Wi-Fi Networks
What should be accessible from the guest wireless network? First and foremost, a guest wireless network should only have access to the internet. No servers, files, no workstations. Internet only. This protects your server and data, and helps keep your business out of the news under the headline of “Serious Data Breach at [Your Business].”
We had two wireless-related tickets last week that illustrate this point well:
- A client employee was on their guest network and couldn’t get to Outlook.
- Another employee on a guest network couldn’t reach the network drives.
Good. That is exactly how to configure a guest Wi-Fi network. Internet-access only. Even your employees should not be able to reach your company network from the guest Wi-Fi.
(Of course, we did kindly direct them to use their company’s internal wireless networks and helped them to do so.)
Should You Require a Password?
Much like driving a stair car, if you’re providing totally open Wi-Fi, “you’re going to get some hop-ons.” Having a completely open wireless network allows anyone access, for any purpose.
To minimize this, your guest Wi-Fi network should still require a password or at least a terms and conditions “splash page” that must be accepted before access is granted. Possibly both. This helps protect your company from liability in case the guest later claims they were hacked while on your network.
Side note about these splash pages: Guests might get an error message about low connectivity before accepting the terms or providing the password. They need to open a browser window, accept the terms, put in the password if needed, and that error message should go away.
As far as passwords go, since you are giving it out freely to guests, it’s generally fine if it’s a simple password. However, you may want to change it often depending on your business model and how much of your return business depends on guests being able to access the Wi-Fi.
Know your customers on this. Coffee shop visitors may want to be able to sit down and get right to work. Having to input a new password on some random timeframe might frustrate them enough to go elsewhere. However, if you change on a predetermined, regular basis and keep it on display, they may not mind.
On the other hand, your vendor reps visiting your corporate office may not mind having to ask for a guest password once per quarter. Again, know who is likely to use your guest network and set your password standards accordingly.
What If My Guest Needs Access to My Server?
If a guest insists that they need access to your network via the corporate wireless, the first question you should ask is, “Why?” (Maybe not that bluntly.) Outside vendors (like your outsourced IT team, ahem) should either already have any required access, or should be able to access necessary data and files from their own network. If a visitor needs a specific file, perhaps it can be emailed to them or uploaded to TAZ Cloud Sync.
A Note About Your Private Company Wi-Fi Network
First of all, you absolutely must require password-only access to your internal business Wi-Fi. Please do not allow any unsecured wireless access to your network.
Secondly, remember the sad truth that the most vulnerable security point in any system is human failure. Be sure that every employee is trained not to give out access information to this internal Wi-Fi. Not even to other staff. Make it official policy. Everyone should know to come to one central point of contact if they need the Wi-Fi password. Better yet, have your IT team set up each new computer to automatically connect to the business Wi-Fi, and don’t even give employees the password. (They can’t share what they don’t know…)
In conclusion, a secured guest wireless network can be an asset to your business. Be sure it is restricted to internet access only.
Image source: pixabay