Securing Employee Wi-Fi Hotspot Connections
As a network admin you’re likely aware that wireless connections pose different risks compared to wired Ethernet connections. You should also know the basics: Wi-Fi is unencrypted by default, and you should use WPA2 security to keep others from connecting to or snooping on the wireless network. But what you may have overlooked is the impact users have on Wi-Fi security.
There are small things users can do to help keep the network and devices more secure. Here I share security risks and precautions employees and users should consider while using Wi-Fi, whether at work, home, or when out and about.
Tips for Wi-Fi Security at Work
Although the IT department has the majority of control over the network and its security, like enabling WPA2 security, what employees and end-users do has an effect on the security of the network as well. Though you can’t really control the users, consider implementing policies like these to help educate your users on how to protect the network:
Users should notify IT staff if they lose a smartphone or laptop that’s set up to connect to the private Wi-Fi, to help prevent anybody who gets their hands on it from going to the business and connecting to the Wi-Fi. If 802.1X authentication is used, the IT staff can simply change the user’s individual password. If a Pre-shared Key (PSK) is used, IT staff can change the global Wi-Fi password.
Users should not connect to any other SSID or neighboring wireless network. If they do, users on that different network could possibly access the data on their device.
Users should not give out the Wi-Fi password or login information to outsiders, or maybe even to other employees as well—keeping it on a need-to-know basis to prevent sharing.
Users should pay attention to anything that looks different with the Wi-Fi, like errors when connecting or new SSIDs in the area, to help prevent themselves from falling victim to a Wi-Fi honey-pot or man-in-the-middle attack.
Anyone wanting to set up a wireless router or access point within the building must contact the IT staff to get permission so they can verify it’s properly secured. This brings up another note: IT staff should set up wireless rogue detection or periodically scan the airwaves manually for any unauthorized APs.
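The periodic scan for unauthorized APs described above can be automated by comparing scan results against an inventory of sanctioned access points. The following is an added example, not part of the original article; the SSID `CorpNet`, the BSSIDs, the CSV column names, and the scan rows are all constructed for illustration.

```python
import csv
import io

# Assumed inventory of sanctioned APs: corporate SSID -> authorized BSSIDs.
AUTHORIZED = {"CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
REQUIRED_SECURITY = "WPA2"  # baseline the article recommends

# Constructed sample scan export; the column layout is an assumption.
SAMPLE_SCAN = """ssid,bssid,security,signal_dbm
CorpNet,aa:bb:cc:00:00:01,WPA2,-48
CorpNet,AA:BB:CC:00:00:02,WPA2,-61
CorpNet,de:ad:be:ef:00:10,OPEN,-40
CorpNet,de:ad:be:ef:00:11,WPA2,-55
corpnet-guest,12:34:56:78:9a:bc,WPA2,-70
CoffeeShop,66:77:88:99:aa:bb,OPEN,-82
"""


def classify(row, authorized=AUTHORIZED):
    """Return a finding label for one scan row, or None if it is unremarkable."""
    ssid = row["ssid"].strip()
    bssid = row["bssid"].strip().lower()  # BSSIDs are case-insensitive
    security = row["security"].strip().upper()
    if ssid in authorized:
        if bssid not in authorized[ssid]:
            # Corporate SSID from unknown hardware: unauthorized AP or honey-pot.
            return "ROGUE_SAME_SSID"
        if security != REQUIRED_SECURITY:
            return "AUTHORIZED_AP_WEAK_SECURITY"
        return None
    # A name that embeds the corporate SSID may lure users into connecting.
    if any(name.lower() in ssid.lower() for name in authorized):
        return "LOOKALIKE_SSID"
    return None  # unrelated neighboring network


def find_rogues(scan_csv, authorized=AUTHORIZED):
    """Return (label, ssid, bssid, signal_dbm) findings, strongest signal first."""
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        label = classify(row, authorized)
        if label:
            findings.append((label, row["ssid"].strip(),
                             row["bssid"].strip().lower(), int(row["signal_dbm"])))
    # Strongest signal is most likely inside the building; check it first.
    return sorted(findings, key=lambda f: f[3], reverse=True)


if __name__ == "__main__":
    for finding in find_rogues(SAMPLE_SCAN):
        print(finding)
```

Matching on BSSID alone does not catch an AP that clones an authorized BSSID, so treat this as a first-pass filter alongside dedicated rogue detection.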
Securing Connections at Public Wi-Fi Hotspots
If users are out and about connecting to public Wi-Fi hotspots, their device and the data on it—which could be work-related—are at risk. And since public networks usually aren’t encrypted, others nearby can snoop on their online activity. This could include logins for sites or services that aren’t encrypted, such as email.
To help secure their device and data, users should specify the network is a Public Network after connecting with a Windows laptop. This changes the Windows Firewall settings to block access to the laptop from others, including any network shares.
Users should never log into any website or service that isn’t encrypted. Consider educating users on how to tell the difference: https instead of http in the address, and how to check the browser’s certificate verification.
If your company uses POP3 or IMAP email servers, enable encryption (SSL) so when users are on public networks their email credentials aren’t sent in clear-text.
You should consider offering a VPN for frequent travelers, allowing them to access the network remotely while also securing their Internet traffic. If remote network access isn’t required, recommend a third-party VPN service, like Hotspot Shield, just for securing their connections while on public or untrusted networks.
When on smartphones and tablets, users may want to utilize the mobile carrier’s 3G/4G data, as those connections are typically encrypted. Nevertheless, if there’s no cellular data available or a better connection is needed, users can also utilize VPNs on mobile devices to secure their Wi-Fi traffic. Many mobile devices offer native VPN connectivity, and there are VPN apps too.
Securing Wi-Fi at Home
Though you might not think it’s your business what employees do at home, if they’re using laptops for work and taking them home you should try to ensure their home network is secure as well. If they have no (or poor) Wi-Fi security, their connection would be susceptible to the same risks as using public networks: neighbors could potentially connect to their device and any online activity could be captured, including any logins that aren’t encrypted.
Try to educate employees that take their laptop home about Wi-Fi security and try to verify they have a Wi-Fi password set.
Remember, although you as the network admin have majority control over the network, users also play a role in its security. Educating them on the basics of Wi-Fi security, giving them tips, and implementing policies can help them help you increase security as well.