Company Wi-Fi Usage?

LOLGEOFF

LOLGEOFF

The Name's Lol, Not Geoff.
UKGSer Subscriber
Joined
Jul 26, 2003
Messages
6,074
Reaction score
1,910
Location
Hartley, Kent.
At the Parish Council we are implementing an Information Technology Policy. There has been good IT housekeeping by the Clerk and her assistant but we have introduced a new member of staff that seems to be a bit lackadaisical with her use of Council computers so we are setting down the ground rules for all to follow.

The question I have is does logging in on to the Council WiFi and accessing unauthorised sites, using a personal smartphone, laptop or tablet, constitute a breach of office internet use rules even if its during an authorised break?
 
if there's a terms and conditions of reasonable useage... you can pin it on anyone...

equally they could claim it was accidental and you should have locked it down better...

the best one I heard of was someone a business wanted rid off got sent a file, opened it and hey presto they go fired

the image was of sam fox aged 16, with all her baps out...
 
'unauthorised sites'? I'd suggest that these are unauthorised irrespective of it being a personal device or doing it in your own time.

If the network has been setup correctly then those sites could/would/should be blocked automatically IMO, thus rendering the point moot.

Easy and inexpensive to do with any number of open source solutions (e.g. E2guardian) and a RaspberryPi

Just needs a Web Content filter and if you really wanted you could also add something like PiHole which will also block requests to a number of sites - depending on which lists you choose to use.
 
Who gave her the password to connect a personal device to the wifi? There's the problem.

At my last workplace, we could access some websites on work computers but we could not connect personal stuff to the network by wifi or use a USB stick that had not been secured.
 
What does your Acceptable Use Policy state with respect to WiFi, internet access and personal devices? (You do have one, right?)
 
wessie said:
Who gave her the password to connect a personal device to the wifi? There's the problem.

At my last workplace, we could access some websites on work computers but we could not connect personal stuff to the network by wifi or use a USB stick that had not been secured.
Click to expand...

If you're really doing it properly then you have someone set up each device and use MAC address filtering so that non-authorised devices can't connect even if they do have the credentials.

As an ISP we used to put connections into NHS buildings despite them having an exclusive deal with BT. All the work stuff went through BT but no personal stuff whatsoever was allowed on it, hence the second connection we put in which staff could connect personal devices to.

Daft in some ways, but kept everything secure.
 
AndrewA said:
(You do have one, right?)
Click to expand...
It does sound like the policy is being written at the moment, so advice on what to include / exclude seems reasonable to ask.

Sounds silly @LOLGEOFF but if the Parish Council don't have a TV licence and someone uses the connection to watch live TV then unless you can identify the user you may be liable.

Silly example in some ways, but there are lots of these sorts of things that you can't really predict.

I would personally put a firewall in with content filtering and just ban absolutely all the bannable categories. See how that works and perhaps start allowing some categories as required later on. Start very strict and (maybe) ease off later would be my approach.
 
LOLGEOFF said:
The question I have is does logging in on to the Council WiFi and accessing unauthorised sites, using a personal smartphone, laptop or tablet, constitute a breach of office internet use rules even if its during an authorised break?
Click to expand...

sparkplug said:
It does sound like the policy is being written at the moment, so advice on what to include / exclude seems reasonable to ask.
Click to expand...

If there is no policy, then no rules are broken unless they’re doing something illegal.

If the OP’s query is to get some insight into what people consider acceptable or not, then it’s down to those writing the policy. If you have limited bandwidth then you might create a policy limiting usage to work devices and work tasks. If you’re somewhere without mobile data coverage, you might decide to allow personal devices for personal usage.

<shrug>

If you’re using the internet/wifi as some form of trust mechanism to restrict access (eg to a server or system) then you probably don’t want personal devices connecting.
 
sparkplug said:
If you're really doing it properly then you have someone set up each device and use MAC address filtering so that non-authorised devices can't connect even if they do have the credentials.

As an ISP we used to put connections into NHS buildings despite them having an exclusive deal with BT. All the work stuff went through BT but no personal stuff whatsoever was allowed on it, hence the second connection we put in which staff could connect personal devices to.

Daft in some ways, but kept everything secure.
Click to expand...

we had similar in Shire Hall. There seems to be a gov.uk network that can a) provide limited open access to the public such as libraries, b) provide secure access to staff visiting other government agencies and c) provide access for personal devices for anyone with a gov.uk email address. I have not worked for over 2 years but my personal phone is still registered on the Gov wifi network.
 
wessie said:
Who gave her the password to connect a personal device to the wifi? There's the problem.

At my last workplace, we could access some websites on work computers but we could not connect personal stuff to the network by wifi or use a USB stick that had not been secured.
Click to expand...
Not sure really, probably the same way I got it by reading the little slide bit in the back of the router. She has already been told about connecting anything to the system so hopefully that won't happen.
 
Two options : allow personal devices or not.

Either way you want to limit exposure to potential abuse of bandwidth (Video streaming/YouTube etc.) And also to potential explicit content sites.

Either way you need to implement a web content filter.

If you have a third-party IT support then go with accredited software as you will have fallback in case of issue.

If you are drafting a policy you can use chatgpt /copilot to generate an AUP to get main points and prompt appropriately to define what you want.
 
LOLGEOFF said:
Not sure really, probably the same way I got it by reading the little slide bit in the back of the router. She has already been told about connecting anything to the system so hopefully that won't happen.
Click to expand...

you need to change the router password ASAP just in case she shares it with ANOther to ponce off your broadband when nearby.

if you do not know how to do it, youtube will have a video specific to the router involved - best to use a computer connected to the router with a cable when changing passwords.
 
Thanks for all you're replies.

Yes there were only two people in the office, both very conscientious workers so it was felt that a policy wasn't needed. The new worker seems to have a different attitude to computer and mobile phone usage so we are getting stuff written down to back up any disagreements later on. The policy will state that the Council's internet service shall not be used for chat rooms or social networking sites for personal purposes but what I'm asking is would that mean connecting a phone to the WiFi to read Facebook on a lunch break? The council doesn't have a television license but if someone accessed a broadcasting site on a private device and was caught would the blame be on the user or the supplier of the access to the Internet?
 
I forgot to add that we have recently had to change to a .gov.uk website and all councillors can now only be contacted using their council email addresses through the Council's server due to data protection regs.
 
have you done any benchmarking with similar organisations in your area? Do neighbouring parish councils with employees allow staff to access the wifi? What is their policy?
 
LOLGEOFF said:
if someone accessed a broadcasting site on a private device and was caught would the blame be on the user or the supplier of the access to the Internet?
Click to expand...
The burden of proof would be on the supplier of the internet connection.

If your system can identify the individual (through verifiable logs, not "I saw Dave watching Love Island in his tea break") then you're covered. If not then what happens on your internet connection is your responsibility (IIRC Warlord and perhaps someone else said they begrudgingly paid the TV licence because they couldn't be sure that kids or similar in the household wouldn't be doing it behind their backs)

Impossible in my house because those sites are specifically on blacklists on the firewall and cannot be accessed.

Like I say, £50 on a RaspberryPi and maybe £200 paying someone to set up the free software for you could solve the problem. That or spend a few hours on YouTube and learn how to do it yourself if you've got a bit of IT skill and a lot of patience.
 
LOLGEOFF said:
At the Parish Council we are implementing an Information Technology Policy. There has been good IT housekeeping by the Clerk and her assistant but we have introduced a new member of staff that seems to be a bit lackadaisical with her use of Council computers so we are setting down the ground rules for all to follow.

The question I have is does logging in on to the Council WiFi and accessing unauthorised sites, using a personal smartphone, laptop or tablet, constitute a breach of office internet use rules even if its during an authorised break?
Click to expand...
The answer is, it’s depends on your policy. There’s no laws against someone using a organisation’s WiFi for personal use, but a company (or organisation) may have a policy that prohibits it.

Same with logging on with a personal device - many organisations have a BYOD (bring your own device) policy as it saves on forking out for iPhones and iPads for company use.

Unauthorised sites are whatever your policy deems to be unauthorised.

Using a company device the same - some organisations allow personal use within policy, some don’t. I would for example use my company laptop for personal use if I was travelling, if needed. Perfectly allowable by my companies policy.

I can dig out our company acceptable use policy if you like, should be a good place to start
 
Same as above.
And it has been the same for the last 4 or 5 businesses I worked with.

Hell, the agency I worked for 10+ years didn't even block porn sites on the office network.

All had BYOD devices for the reasons above and also for the use of contractors.
We all use our personal phones (to various extents) for work use too.

I always had a work MacBook that I always used for personal stuff (no third party work because of the clauses) and, to be fair, none of the laptops were managed back in the day.

Current company (part of a far, far, far larger org) I still can use my work MacBook for personal use when needed. It's remotely managed so I keep near zero sensible personal data on it compared to other company laptops I had in the past.


My post above was tongue in cheek, but to be fair I've never come across any company that was particular about web usage from the employees (as long as you get shit done, goes without saying). Never, unless they are doing something illegal online.
A few jobs back, some idiot started downloading movies from work. They sent a few emails to everyone, then, since he insisted, they singled out the person.

I'd honestly have a word with the employee. Way simpler and cheaper. Then put a standard policy as suggested above.
 
Again thanks for the replies. The Parish Clerk is exactly what you would want for controlling public money and assets and is very black or white, commendable but not very flexible in her running of the office. We have a policy template from the National Association of Local Governments that we need to tailor fit for our own use. I too are in the camp of if the work gets done why worry? but I'm not the Responsible Officer or the one having to directly account for the use of residents money. I'm just trying to work out how we don't end up with a too rigid policy on personal use that could cause more problems than it solves.
 
Nippy Normans supply Touratech, Wunderlich, Desert Fox and many other makes of accessories.
You must log in or register to reply here.

Similar threads

DaveS
For Sale Samsung Galaxy Tab Active3 SM-T575 64GB, Wi-Fi + 4G (Unlocked), 8" - Black
Replies
0
Views
225
DaveS
DaveS
richie
Wi-Fi keeps fropping
Replies
12
Views
1,587
richie
richie
vRSG60
Anyone use a Wi-fi FileHub?
Replies
0
Views
778
vRSG60
vRSG60
steveC
Sierra update wi-fi issues
Replies
7
Views
2,077
ymfb
ymfb
Wi-Fi stopped working on my iPad
2
Replies
28
Views
6,117
John Roberts


Back
Top Bottom