Currently, one of the single best ways to get more walk-in traffic at a business is offering guest WiFi access. People want to be able to check their email and social media at virtually any time. Locations that offer WiFi instantly create a draw for people.
Unfortunately, this does open up some security concerns, especially in a business where sensitive Non-Public Information (NPI) is handled. This creates some issues for companies where proper data-handling is of paramount importance, such as in the health, legal, and financial fields.
None the less, even organizations like these can ultimately benefit from a WiFi system. Some basic security features, easily enabled in virtually any business-class router, can quickly and efficiently create guest WiFi access that still protects your business data.
This is generally standard, but every now and then we see an organization with a single user, which everyone accesses. This is extremely poor security.
Everyone in your operation with access to business materials, client records, or other sensitive data should have their own unique ID and a strong password to go with it. There are several reasons for this:
You can track every user's activity, and notice if anyone is accessing data they shouldn't be looking at.
Per-user access rights can prevent workers from accessing confidential information.
Login attempts are tracked as well. If someone attempts to access a secure area, and is denied, that sends up a red flag in the system as a hacking attempt.
Other anomalies, such as an employee logging on from a terminal outside their department, can also be noted and tracked as needed.
Per-user accounts give you a much broader overview of your network activity, and far more power to track down potential data breaches. This is an absolute bedrock requirement for dealing with NPI.
Ultimately, your systems are only as secure as your passwords. There's a lot of debate over what makes for a "strong" password, especially when practical considerations are brought into play. A password that must be written down isn't secure at all.
For a good balance between security and memorability, suggest your employees choose passphrases instead. A 3-6 word phrase that adds up to around 15-20 individual characters will be virtually impossible to crack through brute force, yet should be easily remembered by the person choosing it.
A snippet of a quote from a favorite book, song, or movie is a good starting point. (eg, "TomorrowIsAnotherDay" or 'FearIsTheMindKiller.")
This is the easiest part of establishing guest WiFi in your operation: Any business-class network equipment will have an option to create a "Guest Network." This is a separate SSID (network name) that's specifically locked away from everything besides the public Internet.
When given an unambiguous name like "VISITOR WIFI ACCESS," most visitors will just go straight to it.
As a final measure of security, hide your corporate/business SSIDs. This is also easily enabled in the network setup, and it simply means that your access points will no longer broadcast the names of your internal network. To be able to log into them at all, your employees have to be given those names.
Otherwise, without knowing the exact SSID, an intruder can't even begin hacking your access points.
The combination of secure usernames, passwords, and SSIDs creates a local network that's virtually impossible for hackers to break into. At least, not without inside help or other "social engineering" efforts.
If your business has been considering adding visitor WiFi access, don't let security concerns get in the way. By following a few simple measures, you can easily establish a WiFi system that doesn't endanger any of your critical NPI.