Let’s paint a picture.
An external consultant visits your office for a meeting and wants to show you a web site in action but in order to do this they need to connect to your network WiFi.
You happily allow the consultant to do this. After all, you have known him for a while and done business with him in the past. The meeting finishes and you are very impressed with what has been shown and you can now take this forward to the senior management team.
Unknowingly the consultant’s 10-year-old son downloaded an illegal game and some accompanying malware at the weekend to his dad’s laptop. The consultant is unaware that his laptop is carrying malware. This is the same person you’ve just given permission to connect to your network.
24 hours later the virus emerges from its hiding place and hits your network. It’s infecting files and locking members of your staff out – you’ve been hacked and you’re about to be held to ransom.
How true do you think this story is?
All too often I am called into a prospective client’s offices because a virus has infected their system and that virus has usually been able to gain access because there are no proper procedures in place for seemingly innocent requests from external contractors, consultants or staff who simply weren’t aware that they were carrying a something nasty.
Protecting your network
The fact is that most businesses will have meetings with external people in their offices on a regular basis and at some point that person may ask if they can hop on to a network, maybe to check their emails or to show you something.
What you need when this happens is a clear set of processes and procedures in place so that you know what steps to take to keep your business safe in these commonplace scenarios.
Here are some points to consider with regard to the key issues in this context.
When it comes to WiFi Access…
Take the view that any external laptop could have a virus on it.
You don’t know if the contractor has the same attitude to viruses and malware as you do. You don’t know if they have the same browsing habits as you do. You don’t know if they let their children use their laptop in the evening and at weekends.
You need to take the viewpoint that every external laptop has an infection and, although this might actually not be the case, if you take this approach then you’ll start to think about the appropriate action you should take to routinely protect your network and your business.
Have a set of clear procedures and policies in place if a contractor or consultant needs to connect to your network.
Having a guest WiFi option is an ideal solution and generally there is no problem with an external person connecting to your guest WiFi – it’s a bit like treating your business like a coffee shop. You know you are going to get people coming in to your offices wanting a WiFi connection and having a guest WiFi is a practical solution that protects your business.
Restricting access to your data
If you don’t have a ‘guest WiFi’ option but a third party needs to legitimately access data on your network for any reason then consider taking the following steps:
Having your IT department set up a firewalled connection to your network so that the external person can gain access to the required data but all of the traffic to and from the relevant laptop is monitored and if there is a problem then it will be blocked.
Putting in place a guest anti-virus, anti-malware procedure which has to run on the laptop before it is granted access to your network. This should be set up as part of your IT infrastructure so that when the laptop is plugged in it is initially only granted public internet access.
Don’t grant access to your network initially until you’ve conducted a scan to check the laptop for anything nasty. If something is found on the laptop then the person is refused entry into your network. If the scan is clear than the laptop is granted access.
An important point here is to only afford your third-party visitor the level of network access that is necessary in a given situation. It shouldn’t be that once you’ve scanned their laptop and established that it doesn’t contain viruses that they can then have access to your entire network and all its data. This is one of the biggest mistakes that businesses make in this context.
Establishing ongoing protection
Some businesses use the same contractors over a much longer duration i.e. a number of years. If you find yourself in this position, as a business owner you’ll still want to protect your business regardless of the relationship you have with the contractor/consultant.
Therefore, you might want to be more prescriptive. You could advise them, for example, on the anti-virus software you would like them to use on their machines while they’re working with you. And as long as they are running that specific anti-virus software then you’ll know that they should be safe to connect to your network.
Is it costly to setup guest WiFi?
The cost of setting up a guest WiFi varies quite considerably.
You could be lucky and find that your firewall and router already supports the creation of guest WiFi. Where this is the case all you’ll need to do is switch it on and this will cost around £100.
If you need to create a ‘wired’ guest connection option because certain areas of your workplace struggle to get consistent WiFi coverage then you’ll be looking at anything between £100 and £500.
If your firewall or router need replacing then the fees will start generally in the region of £500 and can go up to £5,000 depending on the size of your business and the internet speeds you’ll require.
As ever with issues of IT security, prevention is much better than cure when it comes to network protection and while establishing proper processes on a pre-emptive basis may require some upfront investment it could also save your business a good deal of time, money and frustrations in the longer term.
If you would like to have a chat about setting up a guest WiFi or getting these processes or procedures in place, please contact me on firstname.lastname@example.org.