written by: Joe Taylor Jr. • edited by: Bill Bunter • updated: 2/4/2011
With office guests and subcontractors frequently requiring access to office networks and servers, business experts suggest a set of policies that can protect customer privacy as well as the integrity of the office IT setup.
Four recommendations for granting network access to vendors and subcontractors.
It’s now common for visitors, vendors, and subcontractors to request network access during a visit to your office. Some visitors, like accountants and attorneys, may require access to sensitive data stored on company servers. Other guests, like clients or sales agents, may simply want to download e-mail and load up PowerPoint decks. Regardless of the business need for network access, enterprise security experts recommend four specific actions to keep networks and company data secure.
Start with a call to your corporate counsel’s office.
Whether you have an in-house attorney on speed dial or an outside firm on retainer, developing a consistent guest data policy requires the insight of a legal professional. Opening up network access for visitors and subcontractors may be as easy as allowing them to plug in an Ethernet cable. However, the way in which a company monitors and protects its internal network may jeopardize a professional relationship if handled carelessly.
Distinguish between courtesy and necessity.
Clients, vendors, and other casual guests in an office may have no need at all to access company servers or sensitive networks. Many offices now offer a courtesy wireless Internet connection, usually in their lobbies or conference rooms. Using a standard router, the connection can be configured without exposing guests to the core internal network or to company servers. To protect against network intrusion or other misuse, the router can be configured for standard WPA or WEP encryption and password protection. Of the two, WPA is the stronger choice; WEP is no longer considered secure. For even more control over guest network access, a network admission control system can register visitors’ machines and monitor traffic for unauthorized activity.
Set boundaries and guidelines for company data privacy and network access.
Determining “unauthorized activity” causes network administrators and company attorneys the most grief when considering network access for visitors and subcontractors. While protecting a company’s personnel data and trade secrets may sound like a fair assumption, managers must set expectations about other kinds of network use. For example, who holds the liability for a lawsuit filed after a network guest uses a file-sharing program, or if a guest accesses distasteful material that offends employees?
Although it seems like both common courtesy and professional business etiquette for a network visitor to avoid disruptive online behavior, many companies find themselves struggling to cope with the consequences after a guest misuses a corporate network. Setting clear guidelines and publishing them to visitors, usually in the form of a EULA-style announcement upon login, helps deter unprofessional actions while reducing the risk of exposure to hackers.
Leverage existing user accounts on routers and servers.
As in the courtesy network example described above, standard routers and servers offer built-in user access controls that can be configured for guest access. Some systems offer a standard “guest” account that offers network access for visitors and subcontractors. Guest accounts can be given basic permissions and access to select drives or folders on a network. For more precise control over what network guests can see, file-level permissions can be set for specific user accounts. It may require more time and energy for an IT department to set up a user account for each subcontractor on the network. However, the advantages of allowing subcontractors to collaborate with employees and to access shared files often justify the overhead.
Develop an inspection and registration policy.
For most companies, the biggest threat to network security from visitor machines is not the actions that guests themselves might take. In fact, viruses and malware on visitor machines pose the most risk to network integrity and data privacy. Installing a network-level virus scanner and malware detector system can help prevent carried-in threats from taking root in an office. However, many IT veterans recommend a policy that requires visitors and subcontractors to submit to a hardware inspection before being granted access to company networks. While this may seem time-consuming, an inspection of a visitor’s machine can eliminate potential threats before they can propagate on an office server.