cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dz
Viewer

Security Risks and Mitigation Strategies for Using Unmanaged Guest Wi-Fi

 

Hi everyone,

 

I'm not a network expert, and I’m seeking advice regarding the security implications of connecting to a guest Wi-Fi network at a remote office. Our situation is as follows:

 

In a remote office, we have employees who will be connecting their personal devices (BYOD) or corporate laptops to a guest Wi-Fi, which is not managed by our organization. From this connection, they will connect to our corporate VPN to access our network file shares and use Office 365 webmail.

 

My Questions:

 

  1. What are the potential risks of using this public, unmanaged Wi-Fi to connect to our corporate VPN and access Office 365?

  2. Are there any strategies we can implement to make this public Wi-Fi connection more secure?

  3. Since there are no wired Ethernet connections in this office and we do not have access to their modem to connect anything directly, would it be feasible to purchase our own wireless router with built-in third-party VPN capabilities and connect it wirelessly to the guest Wi-Fi? Would this approach enhance security, and does it make sense or is it even possible in this context?

Any insights or recommendations would be greatly appreciated! 🙂

2 Replies
denbesten
Community Champion

WiFi that you do not own is no more or less risky than wired that you do not own. 

 

Most likely, your VPN group has released guidance about the use of your computer in a coffee shop.  That advise can typically be applied to any network you don't own. But for an authoritative answer, the question should be directed towards the team that manages the VPN.  They will know the rules even if they did not write them.

 

Most of the risks involve price/performance/security trade-offs that were made by your VPN group, for which only they will know the answers.  For example, They may have decided to route email through the local ISP because it is "free". Or, they may route it through the company VPN so the local ISP does not even know that you are using O365.

 

The primary risk your VPN group can not control is that the public Internet access may cut you off or slow you down.

 

 

 

Caute_cautim
Community Champion

@dz @denbesten I agree with my colleague, however, what advice are you giving to the office staff to raise awareness about using public WiFi networks - which could be prone to WiFi jacking or being taken over by a third party in a malicious manner to gain credentials and other sensitive information regarding the users of the system.

 

Definitely, each individual should have a security awareness course, on highlighting the risks of connecting to an uncontrolled and insecure connection outside of your control.  Convenience may actually be a spanner in the works for your business - so ensure you have a good Incident Response plan in place too.

 

Connect via a VPN (which themselves are not a perfect security control, as there have been many cases of them being hijacked or attacked by various attacks.  

 

Perhaps look up the Zero Trust security model, and ensure you understand the underlying principles and then apply them to your circumstances.

 

Your personnel can be you nemesis as well as your protectors with the right advice and appropriate controls.

 

Regards

 

Caute_Cautim