As an IT leader or information security officer at a venue that is offering free guest WiFi, you know how critical it is to protect your network from being misused. You should also know that you can put stringent security measures for using guest WiFi solutions that make the network safe, although it might not be as convenient for the users.
Since the last few years, businesses are evolving their WiFi infrastructure to incorporate a WiFi monetization engine. This has added guest WiFi marketing as an integral part of the WiFi, pushing you further into facilitating an end to end transaction security and compliance.
Here are 5 techniques that will help you safeguard your guest WiFi:
1: Captive portal for login authentication
It is standard practice to pop-up the captive portal once the users have connected to the guest WiFi. The captive portal helps user authentication be done in a couple of clicks with social login. Identity authentication helps you safeguard the session and helps the marketing teams to personalize the guest WiFi promotions.
Companies relying on WiFi passwords alone without captive portal login have 2 challenges; firstly, the password will have to be handed out individually or it has to be made public to the customers, which defeats the purpose of setting the password. Secondly, to keep security, the password has to be changed every day so that it’s not misused or overused.
2: 2-Factor Authentication
Some of the businesses require additional identity verification through an out-of-band authentication. This is optional and is a matter of choice based on what is the risk profile of users and their activity you are expecting on your guest WiFi. A One-Time-Password over SMS (OTP) is one of the most common methods used to perform additional authentication on guest WiFi. Alternatively, the customers may get an additional code from the front desk on verification of their ID. 2-factor authentication ensures a better control on user identities on the network, however, they add a few more clicks in the user journey.
3: Terms and conditions of usage
No matter how secure your network is, you need to take explicit consent from your guest WiFi users to the standard terms and conditions of the use of the public WiFi network. This is a matter of internal compliance for some businesses while for others it might be a government mandated compliance. As a measure of transparency, it is also important to share with your users how the data collected about them will be used. For these reasons getting a user consent on the set of standard terms and conditions page is very helpful in safeguarding the guest WiFi experience for the enterprise as well as its users. This EULA can be displayed on the captive portal when users are logging in.
4: Session timeout
Most people don’t log out from the public WiFi once they are done with their online activities. As a basic security practice, it is best to relieve the inactive connections for security as well as for optimal bandwidth utilization. Enforcing session timeout is a great technique to formally release those connections which don’t require the Internet anymore. For those who may be using the WiFi but have been logged out, a simple one-tap login feature can be used.
5: IoT device discovery
Smart devices such as cameras, thermostats, smart appliances, etc. are able to auto-discover WiFi and connect to it. Not all devices are authorized to access your guest WiFi network.
These IoT devices don’t contribute to WiFi marketing or WiFi monetization strategies. So as an organization you should have a list of permissible IoT devices. You need ways to identify when these IoT devices attempt to connect to the WiFi network. The guest WiFi solution should be able to detect how long are these devices are connected. The ability to fingerprint the IoT devices on the network help you isolate them, disconnect, or communicate to them. If you have your own IoT devices (such as a marketing beacon) that need to be connected to the WiFi platform then these need to be whitelisted and they should be provisioned with selective authentication by-pass. IoT discovery is a longer topic of secure WiFi access and there are a few more features that help you safeguard the WiFi network.
So these are some of the simpler techniques to ensure that you are delivering a secure guest WiFi experience for your customers. What is important in this journey is that implementation and administration of security of access is not complicating the user experience. It is fast and simple to install and no additional technology administration skill set is needed to manage secure WiFi access.
We help our community with a secure guest WiFi access assessment and implementation plan. Click here to schedule a session with us.