WiFi is an essential part of our everyday lives in today's interconnected world. You can access free guest WiFi practically anywhere -- coffee shops, gas stations, big-box chain stores -- you name it. Offering WiFi is considered a courtesy to your customers, and in some cases, necessary for vendors or other guests who may be delivering presentations at your office.
This begs the question: should you implement guest WiFi at your office, and is it safe for your business network?
Creating a separate WiFi network for customers or office visitors can be beneficial to small and middle-market businesses. Still, there are a few important things to consider when setting up a guest WiFi network.
We spoke with Jonathan Barger, Technology Advisor at Accent Computer Solutions, Inc., about why creating a separate environment for your guest WiFi is the best way to protect your company.
During our conversation with Jonathan, we discussed:
- Protecting Your Business Network with Separate Access for Guests
- Setting Up a Guest WiFi Network
- Firewalls and Web Filtering on Guest WiFi
- Locking Down Your Wireless Network
Let’s take a look.
Protecting Your Business Network with Separate Access for Guests
Providing customers and guests access to your business WiFi network might seem like a simple task, but it can have unintended consequences if not configured correctly. Giving everyone access to your main network through WiFi can leave your business vulnerable to hacking and data theft.
Creating a separate WiFi network ensures that no one, intentionally or unintentionally, accesses areas of your business network that they shouldn’t.
“The number one thing to avoid as the WiFi host is giving out your secure network password. You want to ensure that none of your guests have access to your company data. A good wireless access point can create a separate network for guests. And if your guests were clever enough to find your server, they wouldn’t be able to access it from this connection.”
The guest network should be locked down, only allowing access to what is absolutely necessary.
Related Resource: Is Public WiFi Safe for Work Computers?
Setting Up a Guest WiFi Network
Your guest WiFi network needs to be segmented from the main office network to be secure. This way, your company’s network is not visible or accessible to your guests. Having a separate guest network keeps your office network safe while providing visitors access to the internet.
“It’s not difficult to configure if you have the right equipment. You will need switches, access points, and firewalls that are capable of drawing secure lines. If you don’t have that equipment, there is no way to set up your guest wireless network securely.
I caution you not to rig this together with ‘metaphorical duct tape.’ Any workaround will only leave you vulnerable. When you have the proper equipment for your network, it can easily be set it up for the vast majority of clients.”
If you’re going to offer guest WiFi, it must be on a different network than anything internal.
In most cases, your current WiFi network can create a guest network without new hardware. Your IT personnel can set this up for you by enabling the feature on your access point or router.
On the off chance that you need different hardware to support this function, multiple options are available. This is not the time to skimp. Don’t leave your network open to hackers by going the cheapest route by compromising IT security.
Firewalls and Web Filtering on Guest WiFi
Web filtering for guest WiFi should be as restrictive as your regular web filtering policy, if not more so.
Guest WiFi is separate from your business’s network, but you still need the same level of IT security. Through web content filtering, you can restrict access to sites containing harmful content or hacking suspicions.
“Content filtering is set up for security reasons. It’s a separate network, but it’s still connected to your business. It’s important to know which sites to block traffic from. Non-work-related sites especially need to be monitored. By default, content filtering software blocks illegal activity sites and known malware sites. When we’re setting it up for clients, we have conversations about standards and problematic issues. Anything beyond that is up to the client -- we don’t impose any rules.”
Your firewall also restricts access from the guest WiFi to the company’s network. And if you must grant limited access to the organization’s network, it’s done through the firewall. For example, if a guest WiFi user needs a printer on the company’s network, this can be configured on the firewall.
But be careful. Giving too much access can compromise your business’s network security. Your IT support provider can help you safely allow your guests limited access.
When guest WiFi is configured correctly, it can be a safe way for your guests to connect to the internet without compromising your network.
Related Resource: How to Give Vendors Network Access Without Compromising Security
Locking Down Your Business Wireless Network
Lockdown policies are an increasingly important (and highly recommended) safety measure when setting up WiFi networks.
“It’s now becoming more common to recommend more strict lockdowns of wireless to either a known list of devices or users. And with quality enterprise-grade switches and WiFi access points, they can automatically recognize a device or user and route them to the correct network access. Insurance companies and security compliance requirements are starting to include that more often.”
Take the Next Step Towards a Secure Business Guest WiFi Network
Whatever your reason for having guest WiFi, it’s essential that you take these simple yet effective steps to secure your business network. Talk with your IT manager or managed IT services provider to discuss building a secure guest WiFi network for your office visitors.
When set up correctly, you can rest assured knowing that your WiFi isn’t a vulnerability to your business.