Connectivity Articles

How to Give Guests WiFi Access Without Compromising Your Network


Consumers expect free access to the Internet regardless of the type of business they are visiting, and the need to stay connected is influencing where they do business. However, providing WiFi to all visitors of your business can also bring incredible risk if you do not have the right security measures in place.


The need for secure WiFi for your guests, employees, and your business has never been greater.


As confirmed by Symantec’s WiFi Risk Report: People are addicted to free WiFi -- it determines their decision-making – but they don't consider the risk for themselves or the businesses they frequent when they connect to any network that can get them online.

Unfortunately, we live in a world where cybercriminals prey on unsecured Internet users and are continuously evolving their tactics and malware skills to take advantage of consumers. The need for secure WiFi for your guests, employees, and your business has never been greater.

Here are our top 4 tips on how to provide WiFi access without compromising your network:

1. Divide your networks

Having a WiFi network that you can segment into private and public access allows you to better manage your network by providing more insight into bandwidth utilization while also controlling usage and avoiding conflicts between both systems. The “private” segment can be used to run your business for things such as POS or personal employee access. The “public” segment can be available for guests and customers.

  • Having two WiFi network segments enables you to turn off the guest network without affecting anyone on the primary private network. You can choose to have the “public” segment open only during business hours for added security.
  • By restricting the bandwidth of your guest network, you can prevent illegal downloading.
  • It is imperative to make sure that your guest network is separated from your private enterprise network to halt intruders from getting ahold of confidential assets -- a separate VLAN should be utilized for the access points that air the guest wireless SSID.
  • If your firewall has routing functions, you should route all network traffic for the guest network right out to the Internet. Customers will have to go out to get onto the Internet and connect from there—saving your enterprise from risk.

2. Change the default SSIDs and passwords

Using public WiFi, consumers see multiple network names (ex: JoeDressShop vs. DressShopJoe) and just jump on the strongest, open signal they see without taking the time to make sure it is correct. The network then becomes prey to Wi-Phishing, which is a way to trick users into the wrong network so they can capture their information for malicious purposes.

You also don’t want the “public” access to be able to access your “private” WiFi segment so that you can keep devices such as printers, TVs, and important data systems secure.  There is no direct connection between the two. Having separate VLANs enhances security because they don’t allow the two segments to communicate in any way.

You can set your SSID to “hidden” so that you must know the name of the network before you can connect. Employees, especially, should know the name of your company WiFi network, so it is not broadcast to just anyone.

All default admin passwords for your network peripherals should be changed as well.

3. Require authentication

You don’t want just anyone accessing your network. You can help secure access if you require authentication through the WiFi network. For example, hotel guests have to validate their name and room number; Starbucks guests have to know what the passcode is. Secure your wireless network with WPA2 encryption and display the name of your password for only your customers and visitors. An additional benefit to your business is the visibility you have into the data to apply checks and balances. The captured data can also be used for business analysis and beneficial marketing purposes.

4. Filter out bad content

Client isolation security and content filtering ensure that no questionable sites can be accessed.  You can add or delete as you see fit for both your public and private WiFi segments. As an added benefit, this also blocks people from using your WiFi to access hacker and illegal software sites with potentially malicious data-security issues.

With Lightapth, you have full control to secure your WiFi and keep employees, visitors, customers, and your business safe. Contact your Account Executive for more information on how Lightpath solutions can provide safe WiFi that will help mitigate and avoid damage for you and your guests.