How to Write a Wireless Security Policy

A wireless policy is a set of guidelines for how your employees and guests access the wireless network. It’s also a valuable resource to document how your system administrators manage your company’s wireless network.

In this blog, I’m going to share a few tips for writing your own wireless security policy. For more information on wireless security, check out our related podcast: Wireless Security: Identifying Risks and Hardening Your Network.

When writing a wireless policy, consider the following:

Guests on your networks

Does your organization regularly have visitors who have access to your wireless network? If so, consider a guest network that is segmented from the main network that your employees use. 

You may also require employees to connect their personal devices to the guest network instead of the business network. This will separate company traffic from personal employee/guest traffic. 

Each network can have its own set of guidelines and procedures as well as separate monitoring. Also, the type of traffic allowed on the guest network can be different from the type of traffic allowed on the business network. This allows alerts to be set up differently for each network so as not to disrupt business operations with traffic that may be allowed for guests but not for employee’s laptops, for example.

Certification Requirements

Review the requirements for any certifications you are pursuing or required to have, such as PCI and SOC certs. Depending on which certification you are accounting for, there will be different requirements which you can find on the certification authority’s website or through your auditor. The PCI documentation is located in their document library. 

Monitoring

Set up monitoring to keep track of the activity on your networks and procedures to identify and remove unauthorized or unwanted connections. 

A SIEM like Splunk can use router and firewall logs to determine both the types of connections being made and the devices that are connecting. Use the policy to outline the types of traffic and devices that you would like to see disconnected from the network.

Security Training

Educate your employees and make sure they have access to the policy. While your system administrators will have to implement the policy, your employees will be daily users of your wireless network–as will any guests you may have. 

Have your wireless policy displayed where guests can see it and, if possible, agree to it before accessing the network. Make sure employees know where to find and review policies so that they can be informed and educated. We often are told that employees are the weakest link in security, but it is up to security professionals to educate and inform them.

Conclusion

Wireless policies help you create a framework for the procedures and processes that your system administration team, employees, and guests will use to keep your wireless networks safe. Keeping your wireless networks safe protects your data and allows you to keep the networks available and the business running. I hope the above steps help you make the best decisions for your use cases.