WLAN Best Practices Webinar Series: The Importance of Wireless Security Policy
Every organization needs a wireless security policy. These best practices can make one more effective.
An effective wireless security policy is now a must for any organization. If a policy isn’t created, well-defined, or implemented correctly, problems will quickly arise — and there will be no clear solution to address them. Wireless users need to know what they can or can’t do on the network, and managers must have a framework to address issues, especially in the corporate world.
It's not just for big corporations, however; every organization with a WLAN should have a policy in place. Even very small businesses need to have a plan to protect the network. For instance, what would you do if an employee gave out a password? A well-defined policy has a specific answer to that question and many more like it.
The bottom line: if you’re doing wireless, you’d better have some kind of security policy in place. This guide digs into why it’s so important and some tips for creating an effective plan.
Why do we need a wireless security policy?
Think about what could happen without a policy. You’ll be asking for technical issues and security headaches. And if something goes wrong, such as a data breach, the result could be severe financial and reputational damage.
Without a wireless security policy, you own all the chaos. It’s like playing a game with no rules, so no one knows what to do. It’s hard to enforce even common-sense operational dos and don’ts without a set policy. Users will do whatever they want, including behaviors that create security risks.
Here are several important reasons for a wireless security policy:
- To keep the wireless environment healthy: You’ll have more control over what’s going on and what’s allowed, which keeps the network and its users safer.
- To keep individuals from making avoidable mistakes: People need to be educated about what they can and cannot do while using the network.
- To protect sensitive information: A policy isn’t the end-all, be-all for safeguarding data, but it's a major part of it.
- To justify/disqualify solutions: A policy is a metric when shopping for a solution — it can help guide network decisions.
- To eliminate potential issues: Implementing an excellent policy can keep novel problems from being introduced.
Another reason is regulatory compliance. Government and industry-specific requirements should guide a policy to some extent since certain organizations must understand and meet these specific rules. Regulatory compliance categories may include:
- HIPAA (Health Insurance Portability and Accountability Act)
- PCI (Payment Card Industry)
- National security
- DOD (Department of Defense)/military
Company leaders must ensure the organization stays compliant with these rules if and when any apply. Weaker security is one consequence of failing to do so; fines and legal liability are others.
7 aspects of an effective wireless security policy
First, consider how to create and implement a policy, including these seven best practices:
1. Executive buy-in
You can have the best plan outline for wireless security ever. But without company leadership's support, you'll have trouble filling it in and implementing the details. If you don't have executive buy-in to any type of security policy, wireless or not, it will be hard to move forward.
2. Clearly worded
The wireless industry is so laden with jargon it can be hard to get around confusion. But the policy language needs to be understood by everyone, so you need to use terms that everyone will know and recognize. Otherwise, it will be hard for them to follow, and mistakes will be made.
3. Accessible and well-communicated
Similarly, the policy needs to be accessible and well-communicated. Where can people find these rules? Documents should be part of all employee or vendor onboarding, and everyone should know where they can access them. All parties also need to know they’ll be held accountable for following the policy.
4. Reasonable and enforceable
The wireless security policy needs to be reasonable and enforceable. Requirements must be based on real-world threats and situations, including detailed steps for how issues will be corrected.
5. Accounting for exceptions
The consumer wireless and gadget space is growing significantly, whereas the enterprise infrastructure is still somewhat inflexible. Thus, there’s a gap between consumer clients and enterprise setups, so you may sometimes have to make exceptions. People may want to use devices that violate the policy, for example. Have documentation in place for how exceptions are handled consistently to avoid confusion and headaches.
6. Periodic updating
Like any policy, your approach to wireless security needs to be reviewed and updated regularly. Technology changes all the time, especially with wireless, and so do threats — so you must stay current to stay secure.
7. Alignment with other policies
Wireless is really just a subset of the bigger network, which is also bound by all kinds of policies. The individuals making policy decisions at any level need to know how all these aspects work together, recognizing that they don’t exist in silos. Everything must align organizationally.
If your operations don’t fit your policies or distinct policies don’t gel with one another, something is drastically wrong. And untangling the mess can be costly and can cause significant team disruptions.
Solutions that back up policy
What solutions will help meet wireless security policies and requirements? Here are a few valuable ones to put in place:
- Rogue access point (AP) detection
- Neighbor AP detection
- Ad hoc WLAN detection
- Interference detection
- WIPS (wireless intrusion prevention system)/WIDS (wireless intrusion detection system)
- MDM (mobile device management)
- PCI audits
- Unauthorized port usage
- Device connection alerts
From a financial perspective, solutions should make sense for what they protect and monitor. For instance, you don't want your security plan to be overkill, but you also don’t want it to underestimate what could be problematic in the future.
Writing the policy
It’s not always easy to sit down and articulate a wireless security policy. Using the right language and integrating it with other procedures can be a big challenge. But here are some tips to smooth the effort.
First, consider the writing process collaborative since any policy involves multiple people or departments. This helps ease the burden and gives you more opportunities for feedback and proactive improvements.
There are also many examples and templates to guide you. Numerous companies make their policies public for all kinds of security topics. And specific requirements under PCI or HIPAA, for example, will also help you decide what must be included.
For one strong example, reference USAID’s wireless standards and guidelines online. This document contains a lot of ‘government-speak,’ but it also has many valuable elements that anyone should have in a policy to address general wireless network concerns. You can also take a look at the CWSP Objectives Related to Wireless Security Policy for another example.
Finally, always stick to these top priorities when writing the policy: get executive endorsement and ensure it is effectively communicated to everyone.
Get help implementing wireless best practices from 7SIGNAL
Setting up and deploying a wireless security plan will help you preserve a healthy wireless environment for your organization. But another critical aspect of a high-functioning network is maintaining it in the face of everyday issues that can impair performance.
7SIGNAL’s wireless network monitoring platforms provide exceptional visibility into how the network performs based on continuous testing and monitoring. Our Mobile Eye™ and Sapphire Eye™ platforms help you assess the experience from the client's perspective, enabling fast solutions to a range of problems.