Church WiFi Strategies

© 2013 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from Christian Computing Magazine 

Many churches offer or want to offer WiFi throughout their campuses. It’s a good way to serve your congregation, empower your team, and even attract larger events to your campus. There are strategies worth considering– some technical and some with legal implications.

Starting At The Beginning
I like to address this topic as it enters the building, so let’s start with bandwidth. We’re often asked how much bandwidth is needed. Our answer is almost always, “As much as you can reasonably get!” The reason is that if you offer public WiFi, it needs to be robust or people will complain. In fact, they’ll complain more about poor bandwidth than about not having any access! So get as much as you can.

When shopping for Internet connectivity, or bandwidth, check all the potential vendors in your area. That includes telephone companies, television cable providers, and may even include businesses that have fiber optic cable running next to your property who may be willing to let you use some of their bandwidth!

Firewalls & Filtering
Once the Internet enters your building, there are a couple of important considerations.

  • Firewall.  It’s important to protect your system from would-be hackers, whether they are people or Internet apps (called bots). Putting a good firewall at the entrance to your building is a good way to protect your church. We recommend SonicWALL firewalls because they’re a good match of capabilities, services, and price-point for churches. They have an annual subscription fee that is wise to keep current because it helps make certain the firewall can recognize new kinds of threats that want to cause harm.
  • Filtering.  It’s important to filter Internet content. This is definitely true for public WiFi access on your campus; it’s also true for your staff’s protection. Again, SonicWALL to the rescue. Their subscription includes filtering, and is easily configurable to meet your church’s needs.

Two SSIDs
I alluded in the points above to public and private WiFi access. This is a strategy that works well in providing the services people need while also protecting your network resources (servers, data, printers, etc). We usually set up two SSIDs (an SSID is the public name of a wireless network) configured as follows:

  • Public SSID:  This WiFi connection is usually password protected (more on that in the next section) and allows those connected to it to access the Internet; they have no access to your network data, printers, or servers. Because all Internet activity goes through the firewall, it is filtered.
  • Private SSID:  This WiFi connection is always password protected and only available to staff because it allows access to the Internet AND to your network data, printers, and servers.

Public SSID Password Protection
We recommend password protecting the public SSID from those not involved at the church who might like to piggyback on your bandwidth. The password can be published in the weekly bulletin or projected for the congregation, and should be changed monthly.

This sounds like a hassle, and it is! But there are significant legal ramifications if this isn’t done!

We learned recently of a church in Missouri whose public WiFi was not password protected. Someone was downloading and distributing child pornography over the church’s unsecured WiFi Internet connection. When the authorities were investigating the child porn case, they identified the church’s IP address as the one through which the porn was distributed and subpoenaed the church’s computers and servers for analysis. The authorities can keep the computers for 2-3 months before determining they are clean and can be returned. That effectively puts the church out of business from an IT perspective!

The key points here are:

  • Secure public WiFi access.
  • Be sure all Internet content is being effectively filtered based on type of content.
  • Have an off-site backup of the church’s data as a disaster recovery/ business continuity plan. (For more on a backup strategy, see my article available online for free at https://www.mbsinc.com/back-it-up-heres-how.)

Wireless Access Points (WAPs)
There are two WAP specs we use:

  • High Density.  This is needed when you have more than 800 people in a room trying to connect to the Internet via your WAPs. For high density WAPs, we recommend Ruckus.
  • Low & Medium Density.  This spec is appropriately less expensive, and works well in rooms where there are less 800 trying to connect. For low and medium density WAPs, we recommend SonicWALL SonicPoints.

In both cases, the physical placement and configuration of the WAPs is critical.

I hope you found this helpful as you design your first WiFi system or re-evaluate your existing one. WiFi is a great way to serve, and with some strategy, can do so very well.

Leave a Comment