We help IT Professionals succeed at work.

Wi Fi Corporate Policy

Medium Priority
122 Views
Last Modified: 2020-01-27
Does someone have a policy statement or can direct me to one for Wifi.  My company has internal wi fit, staff that travels so airports, starbucks, bars (!).  What should be telling them.  So far, we have said avoid any wifi with no password protection is a no. I rush off the plane and check my email and before you know it, I have been on the airport wi fi (no password) for an hour.  Executives pay for access on the plane, is that safe?

g
Comment
Watch Question

CERTIFIED EXPERT

Commented:
WiFi from unknown sources (hotels, Starbucks, McDonalds, airplanes, etc.) should be a concern.  Most are likely safe, but there is no way to know for sure.  A good policy would be to require that devices must connect to a VPN to the company site and go out on the internet from there.
IT Consultant
CERTIFIED EXPERT
Commented:

Here is a helpful list of dos and don’ts you should follow if you plan to use public Wi-Fi.


There are basically two kinds of public Wi-Fi networks: secured and unsecured.

An unsecured network can be connected to within range and without any type of security feature like a password or login. Conversely, a secured network requires a user to agree to legal terms, register an account, or type in a password before connecting to the network. 

Regardless of the connection type, you should always use public Wi-Fi with caution. Now let’s look at some dos and don’ts:

Do connect to secured public networks whenever possible. In the event that you’re unable to connect to a secured network, using an unsecured network would be permissible if the connection requires some sort of login or registration.

Don't access personal bank accounts, or sensitive personal data, on unsecured public networks. Even secured networks can be risky. Use your best judgment if you must access these accounts on public Wi-Fi.

Don't shop online when using public Wi-Fi. 

Do turn off automatic connectivity. 

Do think about using a (VPN) solution to ensure your privacy and anonymity are protected when you use public Wi-Fi. 


CERTIFIED EXPERT

Commented:
I would say that you shouldn't connect through any unknown WiFi, to do banking or financial or any personal stuff that you want to keep private, even with encrypted WiFi.  Even your Cell Phone hotspot is not trustworthy since IMSI catchers exist.  Enforce a corporate VPN and don't allow employees to store data on their laptop.

Even if WiFi is encrypted, that encryption is between you and the access point.  Anyone connected to that same access point with the  same WiFi password could be able to see your unencrypted content if that WiFi was set up with lax security.  The owner of that WiFi can still view all your data that lands on or traverse their access point, unless it was encrypted.

However, anyone can intercept anything, including your SSL cert and do a MiTM to intercept your packets if they were clever.  That's what deep packet inspection firewalls do already.  The replace the cert with their cert and view your data as it traverses through the firewall inspection and pass that through another ssl connection to the website.  How else do you think they can scan for phishing attempts and viruses on SSL sites.  The only way for sites to avoid this deep packet MiTM intercept is with strict HTTPS (HSTS).  HSTS prevents connection through a MiTM.  Unfortunately, that's not activated on a lot of websites.

Even with a corporate VPN, the whole issue is trust.  How much do you trust the software VPN?  How much do you trust that WiFi, etc..
Gloria BurtPresident

Author

Commented:
Thanks all

Explore More ContentExplore courses, solutions, and other research materials related to this topic.