A wireless security policy is a set of guidelines for how your employees and guests access the wireless network. It’s also a valuable resource to document how your system administrators manage your company’s wireless network.
In this blog, I’m going to share a few tips for writing your own wireless security policy. For more information on wireless security, check out our podcast: Wireless Security: Identifying Risks and Hardening Your Network.
When writing a wireless policy, consider the following:
Guests on your networks
Does your organization regularly have visitors who have access to your wireless network? If so, consider a guest network that is segmented from the main network that your employees use.
You may also require employees to connect their personal devices to the guest network instead of the business network. This will separate company traffic from personal employee/guest traffic.
Each network can have its own set of guidelines and procedures as well as separate monitoring. Also, the type of traffic you allow on the guest network can be different from the type you allow on the business network. This allows alerts to be set up differently for each network. This also helps you to avoid disrupt business operations with traffic that may be allowed for guests but not for employee’s laptops, for example.
Review the requirements for any certifications you are pursuing or required to have, such as PCI and SOC certs. Depending on which certification you are accounting for, there will be different requirements. You can find these requirements on the certification authority’s website or through your auditor. The PCI documentation is located in their document library.
Set up monitoring to keep track of the activity on your networks. Doing so will help you to identify and remove unauthorized or unwanted connections.
A SIEM like Splunk can use router and firewall logs to determine the types of connections being made and the connecting devices. Use the policy to outline the types of traffic and devices that you would like to see disconnected from the network.
Educate your employees and make sure they have access to the policy. While your system administrators will have to implement the policy, your employees will be daily users of your wireless network–as will any guests you may have.
Have your wireless policy displayed where guests can see it. Also, if possible, have them agree to it before accessing the network. Make sure employees know where to find and review policies so that they can be aware of them. We often are told that employees are the weakest link in security, but it is up to security professionals to educate and inform them.
Wireless policies help you create a framework for the procedures and processes that your everyone will use to keep your wireless networks safe. Keeping your wireless networks safe protects your data and allows you to keep the networks available and the business running. I hope the above steps help you make the best decisions for your use cases.