MicrosoftAgain, the point is that for a company with hundreds or thousands of employees, there is a high likelihood of MANY of these employees bringing a laptop, or a smartphone, into the company Wifi. If that can not be expressly forbidden, then you would expect that these laptops and phones are ALSO used for personal websites these people visit when out of the office--at home, and the norm could easily be hundreds of stored "password requiring websites" on each laptop or phone--with weak passwords --meaning a range of commonly used passwords can easily be stolen. My expectation is the failing of the employees with "mediocre" password security knowledge ( 95% of them, even with training) to be aware of the personal use threats that are likely to be a serious problem in their laptop or phone. At home, these employees will do what they always do, regardless of training. it's human nature for the masses.
Unless the company wifi forces each person entering the building each day to walk through a DETECT and CLEAN room where new exploits from weak passwords are searched for with each person entering the building, you would expect a majority of employees will be connecting daily WITH many hackers already having stolen many key passwords the employees use repeatedly in many of their non-critical and very critical sites.
So-- How does the company deal with potentially hundreds of Trojan Horses from employees walking in to the building each day?
