It's increasingly common for businesses to offer free WiFi for their guests, but many of them end up creating major security problems for themselves. Allowing random visitors onto a primary business network is fundamentally as insecure as a bank that allowed visitors to wander around their vaults.
If you're offering free WiFi, it's extremely important to segregate these guests from the rest of your network. If someone just wants to check their email and LinkedIn, there's simply no reason whatsoever for them to be on the same network as your own workers. It only increases the chances that someone will take advantage of the situation.
Luckily, it's now relatively easy for a business to establish a "Guest Network." These are sub-networks that are part of your physical network, but greatly restrict what areas a user has access to.
Securing Your Network With Guest WiFi Access
1 - Make sure your access points support multiple SSIDs.
Service Set IDentifiers (SSIDs) are the names your network uses. These are what you see when your laptop or device is listing all the wireless networks nearby. Be aware that not all wireless access points allow this.
While virtually any business-grade access point will support multiple SSIDs, a lot of the cheaper consumer-grade access points do not. If you've been purchasing your hardware at Wal-Mart, upgrades may be needed before you can create a true guest network.
2 - Enable "Guest Access."
For most routers that can handle multiple SSIDs, the process of enabling guest access is extremely easy.
1 - Find the "Guest Network" option in your router's configuration screen.
2 - Turn it on, and assign a new name to the network.
3 - Create security restrictions that lock off users from anything but basic Internet.
Most routers take it from there. If you're using a Unified Communications system, such as one based around the Adtran AOS Operating System, this can be done through the exact same software that's used to maintain your network.
For most of you, that's really all it takes. Put a solid, secure password on your main business network, and you'll be relatively secure. It's a good place to start.
If you want more security...
3 - Hide Your Business SSIDs
It's not necessary for a router to broadcast the name of a sub-net, and virtually every online device in the world, from iPhones onward, includes the ability to type in the name of "hidden" SSIDs.
So, if you really want to keep your main business network secure, don't even let visitors see the SSID. This is something else that's easily done from the access points' configuration menu. If your workers have the SSID and password, they can continue on uninterrupted.
It's important to keep in mind here that some, shall we say, overly inquisitive guests may attempt to log into (or outright hack) your business network, if they see the SSID. This becomes more difficult if the SSID is hidden.
4. Securing Your Passwords
Finally, remember that there's a significant social element to securing your wireless acess point. All those security policies can be rendered useless, if just one worker is keeping passwords on a post-it note under his keyboard.
Here are a few tips for dealing with the human side of security:
1 - Your hidden business SSID does not need to be complex. Make it easy to remember.
2 - There are several strategies for creating long secure passwords, but we suggest using a memorable pass-phrase instead. A snippet of a quotation, for example: "TheWoodsAreLovelyDarkAndDeep" would be a password that's nearly impossible to crack through brute force, yet easily remembered withoutbeing written down.
3 - Have regular employee training sessions stressing the importance of security and not leaving SSIDs/passwords lying around. (Or storing them in cellphones!)
Having public WiFI access at your location is a great way to bring in more foot traffic, and it doesn't have to weaken your business security. And for more advice, just contact us!