# Have we educated our users about the risks of using wireless (Wi-Fi) networks, especially on unsecured open networks (e.g. public spaces such as at many hotels and coffee shops)?

# Do we encourage use of encryption above network layer such as SSL or Virtual Private Networks (VPN)?

# Do we operate Wi-Fi access points in our unit? If so:

o Have we turned off the broadcasting of SSIDs?

o Do we require an encryption key (WEP or WPA) to use our access points?

------ How do we manage the passphrase?

------ Do we enforce periodic changes to passphrase

? o Whom do we let connect to our access point(s)

•------ Just people in our department? Guests? Anyone

? o How do we monitor activity over our wireless access points?