I believe we need a carrot AND stick approach to this:
- Setup a guest wifi network which both staff and guests can gain access to relatively easily;
- Stop any traffic between devices on that network (your device gets to connect outbound to the internet, that’s it);
- Ban any unauthorised devices from connecting to your corporate network and establish security controls (NAC, 802.1x…) to enforce the ban. Make it a disciplinary matter to bypass your controls.
That should do the trick…:
[…] “Employees are exposing enterprises to a large swath of threats by using personal devices, accessing home devices and monitoring personal entities through corporate networks,” said Deepen Desai, Zscaler’s vice president of security research. “We need to implement security strategies that safeguard enterprise networks by removing shadow IoT devices from the attack surface while continuously improving detection and prevention of attacks that target these devices.”