Do's And Don'ts: Internet Access for Employees & Contractors with BYOD Devices

How to deal with employees and contractors (delivery drivers, for example) who are likely to bring their own mobile computing devices into your store.

Have (and Enforce) a BYOD Policy

A BYOD (bring your own device) policy governs the way personal devices are used in the workplace. For example, many employers expect personal devices to be left in lockers or with other personal items until break times so that the employee is not distracted. Others restrict the use of camera features: you might not want the production or storage areas of your shop making the rounds on social media. The policy also needs to cover the acceptable use of your internet connection, particularly prohibiting it from being used to access inappropriate/offensive material or illegal/pirated content. In recent news, the producers of the film The Expendables 3 are pursuing the people whose internet accounts were used to illegally download the movie. They can't really go after the people that did the downloading, so they're going after the people that provided them with internet access. You need to protect yourself, and a BYOD policy is an important part of that.


Don't Put Them On Your Primary Wireless Network

It's easy to just run one wireless network and put everyone on it, but it is also very dangerous. Doing so gives employees and contractors access to other network resources (like printers) and to shared folders and documents. It could be very easy for them to read, modify and delete sensitive work files. It would be like using the wifi at a hotel and having access to the hotel's network and all the files on it. You can't do this!


Do Create a Guest Account With Limited Access

Instead of providing access to your primary network, you need to set up a separate guest account that only provides access to your internet connection. This is easy to do with most wireless routers, and it's a built-in feature so it won't cost you anything!


Don't Ever Distribute The Password To Your Primary Network

Let's say you do put people on your primary network - you shouldn't but you do it anyway. If you distribute the password you have lost control because you have no control over who it is shared with in the future. If you absolutely must add someone else's device to your primary network you should enter the password for them and not let them see what it is.


Don't Run an Open (No Password) Network (even for the guest account)

This is essential whether you are using the primary network or the kind of special guest account mentioned above. Although the term password is commonly used, wifi networks are really protected by something called a security key, which is used to encrypt all data that travels over the network. Without it, much of the information travels as plain text and can be read by anyone within range. You need to protect yourself and the people that use your network by using an encrypted network, and that can only be accomplished by using a password.


Don't Use Weak Security

When you are setting up your guest account you are allowed to choose from a number of different options. Make sure that you always choose WPA2 which, at this time, provides the best combination of security and device compatibility. It's true that some older devices might not be compatible but don't downgrade to an insecure standard like WEP because of that – the older devices will have to be replaced with more modern (and secure) versions.


Don't Mistake "Stealth Mode" For Real Security

You know how your mobile devices show you a list of the networks within range? That is made possible by something called SSID broadcast, whereby your wifi router announces its presence to the world. Now, if you have ever looked at the settings for your router, you have probably noticed that you can disable SSID broadcast (sometimes referred to as entering stealth mode). If you do, people won't see the name of your network on their devices without some extra work; instead they will have to enter the name of your network manually. It's easy to assume this provides some kind of safety (if they can't see me I'll be ok!) and ignore the other guidelines about guest accounts and passwords. Don't! Disabling SSID broadcast provides only the illusion of security and will not protect you from anyone who is interested in doing any real harm.
