Definitions 

Wireless Access Point (AP): A device that allows wireless devices to connect to a wired network using Wi-Fi or related standards.

Keylogger: The action of recording or logging the keystrokes on a keyboard.

Wi-Fi: A term for certain types of wireless local area networks (WLAN) that use specifications in the 802.11 family.

Wireless: A term used to describe telecommunications in which electromagnetic waves, rather than some form of wire, carry the signal over all or part of the communication path. 

Overview 

This policy addresses the wireless connection of (^Company^) owned devices in remote locations. 

Purpose 

The purpose of this policy is to secure and protect the information assets owned by (^Company^) and to establish awareness and safe practices for connecting to free and unsecured Wi-Fi, and that which may be provided by (^Company^). (^Company^) provides computer devices, networks, and other electronic information systems to meet missions, goals, and initiatives. (^Company^) grants access to these resources as a privilege and must manage them responsibly to maintain the confidentiality, integrity, and availability of all information assets. 

Policy Detail 

(^Company^) Wi-Fi Network

The (^Company^) Wi-Fi network is provided on a best-effort basis, primarily as a convenience to employees and others who may receive permission to access it. For employee business use, it is designed to be a supplement to, and not a substitute for, the production wired local area network. For non-employees, it is also provided as a convenience, primarily as a way for members to access (^Company^) online products and services. Staff may easily demonstrate (^Company^) online products and services to members or prospects. Wi-Fi access points, located at the Court Street facilities and in most branch offices, allow for compatible wireless device connectivity.

Microwaves, cordless telephones, neighboring APs, and other Radio Frequency (RF) devices that operate on the same frequencies as Wi-Fi are known sources of Wi-Fi signal interference. Wi-Fi bandwidth is shared by everyone connected to a given Wi-Fi access point (AP). As the number of Wi-Fi connections increase, the bandwidth available to each connection decreases and performance deteriorates. Therefore, the number and placement of APs in a given building is a considered design decision. Due to many variables out of direct (^Company^) control, availability, bandwidth, and access is not guaranteed.

The (^Company^) Wi-Fi network and connection to the Internet shall be: 

1. Secured with a passphrase and encryption, in accordance with current industry practice o Passphrases will be of appropriate complexity and changed at appropriate intervals, balancing security practice with the intended convenient business use of the Wi-Fi 
2. Physically or logically separate from the (^Company^) production wired local area network (LAN) and its resources 
3. Provided as a convenience for the use of (^Company^) employees, their vendors while visiting (^Company^), the members of (^Company^), and other visitors with (^Company^)’s express permission via provision of an appropriate passphrase 
4. Optionally provided to members and qualifying visitors, by (^Company^) staff, with the provision of an appropriate passphrase and may be accessed only with the agreement to acceptable use policy statements provided online or in a written or verbal format 
5. Accessed by employees only in accordance with the Acceptable Use policy and its cross-referenced policies seen in Policy 1 in this document 
6. Used for access to the (^Company^) production LAN only for business use and with the approved use of a (^Company^) issued virtual private network (VPN) connection 

(^Company^)’s Wi-Fi service may be changed, the passphrase re-issued or rescinded, the network made unavailable, or otherwise removed without notice for the security or sustainability of (^Company^) business

Public Wi-Fi Usage

When using Wi-Fi on a mobile device in a public establishment, there are precautions that should be followed.

Do: 

1. As with any Internet-connected device, defend your laptop, tablet, phone, etc. against Internet threats. Make sure your computer or device has the latest antivirus software, turn on the firewall, never perform a download on a public Internet connection, and use strong passwords. 
2. Look around before selecting a place to sit, consider a seat with your back to a wall and position your device so that someone nearby cannot easily see the screen. 
3. Assume all Wi-Fi links are suspicious, so choose a connection carefully. A rogue wireless link may have been set up by a hacker. Actively choose the one that is known to be the network you expect and have reason to trust. 
4. Try to confirm that a given Wi-Fi link is legitimate. Check the security level of the network by choosing the most secure connection, even if you have to pay for access. A password-protected connection (one that is unique for your use) is better than one with a widely shared passphrase and infinitely better than one without a passphrase. 
5. Consider that one of two similar-appearing SSIDs or connection names may be rogue and could have been setup by a hacker. Inquire of the manager of the establishment for information about their official Wi-Fi access point. 
6. Avoid free Wi-Fi with no encryption. Even if your website or other activity is using https (with a lock symbol in your browser) or other secure protocols, you are at much greater risk of snooping, eavesdropping, and hacking when on an open WiFi connection (such as at Starbuck’s, McDonald’s, some hotels, etc.). 
7. Seek out Wi-Fi connections that use current industry accepted encryption methods and that generally will require the obtaining of a passphrase from the establishment. 
8. Consider using your cell phone data plan for sensitive activities rather than untrusted Wi-Fi, or your own mobile hotspot if you have one or have been provided with one. 
9. If you must use an open Wi-Fi, do not engage in high-risk transactions or highlyconfidential communication without first connecting to a virtual private network (VPN). 
10. If sensitive information absolutely must be entered while using a public network, limit your activity and make sure that, at a minimum, your web browser connection is encrypted with the locked padlock icon visible in the corner of the browser window, and make sure the web address begins with https://. If possible, save your financial transactions for when you are on a trusted and secured connection, at home, for instance. Passwords, credit card numbers, online banking logins, and other financial information is less secure on a public network. 
11. Avoid visiting sites that can make it easier or more tempting for hackers to steal your data (for example, banking, social media, and any site where your credit card information is stored). 
12. If you need to connect to the (^Company^) network and are authorized to do so, choose a trusted and encrypted Wi-Fi AP or use your personal hotspot. In every case, you must use your (^Company^)-provided VPN at all times. The VPN tunnel encrypts your information and communications and besides, hackers are much less likely to be able to penetrate this tunnel and will prefer to seek less secure targets. 
13. In general, turn off your wireless network on your computer, tablet, or phone when you are not using it to prevent automatic connection to open and possibly dangerous APs. Set your device to not connect automatically to public or unknown and untrusted networks. 

Do Not: 

1. Leave your device unattended, not even for a moment. Your device may be subject to loss or theft, and even if it is still where you left it, a thief could have installed a keylogger to capture your keystrokes or other malware to monitor or intercept the device or connection. 
2. Email or originate other messages of a confidential nature or conduct banking or other sensitive activities, and definitely not when connected to an open, unencrypted Wi-Fi. 
3. Allow automatic connection to or connection to first Wi-Fi AP your device finds, as it may be a rogue AP set up by a thief. Rather, choose the one that is known to be the network you expect and have reason to trust.