sr2/www.sr2.uk
5
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
www.sr2.uk/policies/public_wifi.bs
irl f66adc0b65
All checks were successful
ci / build_and_publish (push) Successful in 23s
Details
feat: adds some draft policies
2026-04-22 11:54:58 +01:00

61 lines
3.1 KiB
Text
Raw Blame History

<h1>Public WiFi Policy</h1>
<pre class="metadata">
Status: DREAM
Local Boilerplate: header yes, copyright yes
Boilerplate: status no
TR: https://www.sr2.uk/policies/public-wifi/
Shortname: public-wifi
Complain About: accidental-2119 yes
No Editor: true
!Version: 1.0
Abstract: A policy governing staff and contractor use of public WiFi networks when accessing company data.
</pre>
# Objective # {#objective}
The company approves remote working to work-related cloud services and work email accounts, as long as the devices used
to access these have been sanctioned by the company. Using public WiFi to conduct business, without the necessary
safeguards, places our data at risk of theft. The purpose of this policy is to provide the framework for those
safeguards.
# Scope # {#scope}
The scope of the policy covers all individuals either employed or contracted to work with, or for, the company, either
on a company site or remotely.
# Definitions # {#definitions}
: Public WiFi Network
:: Any wireless network access provided by a third party, such as hotels, cafes, airports, or public hotspots, that is
open to public or unvetted access. For the purpose of this policy, eduroam connections other than those on an SR2
managed site are to be considered Public WiFi Networks.
: Sanctioned Device
:: A device (e.g., laptop, tablet, smartphone) that has been approved and provisioned by the
company for business use, with appropriate security configurations and software installed.
# Policy # {#policy}
Devices that are not sanctioned by the company, including home PCs or public access PCs, MUST NOT be used to access
company cloud services, data, or email accounts.
Though the company takes every effort to ensure that sanctioned devices are adequately protected, the individual MUST
ensure that, before connecting to the Wi-Fi network, the device has:
- up-to-date antivirus and antispyware software;
- a firewall that is activated and configured to company requirements (i.e. the settings have not been changed) since
the device was configured;
- all software (including the Web browser) is current with automatic updating;
- file sharing (e.g. SMB) is switched off.
For security reasons staff and contractors MUST:
- consider if mobile phone tethering is available and use this as the first choice;
- consider delaying transmission of information until at a secure location;
- not follow prompts to update software whilst connected to a public network;
- not rely on the encryption provided by the Public WiFi Network (e.g. WPA) to protect company data;
- ensure that an end-to-end encrypted connection is established and the user has been trained in setting up
such a connection for each service to be used (for the avoidance of doubt, TLS is considered to be end-to-end
providing that the certificate presented by the server is validated);
- ensure that URLs in Web browsers are showing the correct Web addresses in case a criminal has hijacked the Wireless
Access Point and is forwarding traffic to their site;
- keep all information secure, including restricting the view of the screen from any unauthorised person(s);
Reference in a new issue View git blame Copy permalink