Got roasted in a security audit for using the same Wi-Fi password for guests and staff

Last month we had a security consultant come in to review our small office setup. She looked at our network config and asked why guests could access the same file server as employees. I told her it was fine because we trust our clients. She said trust is not a security policy and pointed out that anyone sitting in our waiting room could potentially grab sensitive files. She made me set up a separate guest VLAN with no access to internal resources. Took me about two hours to reconfigure the router and test everything. I felt stupid I didn't think of it myself since the hardware supported it the whole time. Does anyone else run separate networks for visitors or just wing it like I was?
1 comment

jade618 · 39m ago
Push back a little here. Separate guest networks are smart, but your old setup wasn't that bad if you had a decent password and rotated it every few weeks. We run a tiny dental office with one router. Our guest wifi is a different SSID with the same subnet but isolated by the router's built-in guest portal. Takes five minutes to enable, no VLANs needed. The real risk was your file server being accessible from the waiting room, but that's more of a shared folder permission issue than a total network overhaul. Sounds like that consultant overcomplicated things for a small office.