(By Robert Siciliano)
“Free” usually translates to “unsecured,” which means a criminal hacker with the right hardware and software could have sniffed out my wireless communications and grabbed my data. That same hacker, depending on my device’s firewall, setup and sharing settings, might also have been able to access my drive and files and even plant a virus on my device.“
On a recent trip on an Express train, I was writing blogs and doing some research using Amtrak’s free wireless Internet. “Free” usually translates to “unsecured,” which means a criminal hacker with the right hardware and software could have sniffed out my wireless communications and grabbed my data. That same hacker, depending on my device’s firewall, setup and sharing settings, might also have been able to access my drive and files and even plant a virus on my device.
But I wasn’t worried because I use a virtual private network software that allows me to surf on an unsecured connection.
Amtrak also knows its free wireless is risky for its users, so before you can use it, you have to agree to the terms and conditions of the Wi-Fi’s use that indemnify Amtrak.
Protecting Your Business
Free wireless is everywhere, because Wi-Fi brings in customers and is a great tool to help create customer loyalty as well. Numerous merchants, including hotels, coffee joints, fast food places and numerous others with a storefront, offer free Wi-Fi to attract people and increase sales.
But it has its downsides, too. If you’re offering it in your place of business, you need to understand that your access point can be used for criminal activity—and to hack your own business, too.
So what are criminals looking for? Criminals connect to free Wi-Fi for:
Pirating music, movies and software via P2P programs. This criminal activity costs the recording and motion picture industries billions of dollars every year. The Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) are cracking down on any IP address associated with illegal downloading and will come after your business too.
Child pornography. Law enforcement spends lots of time in chatrooms posing as vulnerable kids, chatting it up with pedophiles who buy sell and trade in child pornography. If your IP address is used for this purpose, you will get a knock on the door with a battering ram.
Criminal hacking. Bad-guy hackers look for vulnerabilities in others’ devices when using free Wi-Fi networks. They steal keystrokes, usernames, passwords and account info, and install spyware and viruses.
You’re not powerless against these hackers. These three safeguards are the first hurdles you can put in place to secure your company’s Wi-Fi:
1. Use a web proxy/filter. IT security vendors sell software that filters out or blocks known websites and prevents the sharing of P2P files. For more details on what kind of information can be accessed, search “internet access control software” to find a suitable vendor.
2. Add an agreeable use policy. There are numerous phrases a small business can incorporate into an agreeable guest use policy. You may want to include such language as “User agrees not to …”
Willfully, without authorization, gain access to any computer, software, program, documentation or property contained in any computer or network, including obtaining the password(s) of other persons. Intercepting or attempting to intercept or otherwise monitor any communications not explicitly intended for him or her without authorization is prohibited.
Make, distribute and/or use unauthorized duplicates of copyrighted material, including software applications, proprietary data and information technology resources. This includes the sharing of entertainment (e.g., music, movies, video games) files in violation of copyright law.
You may want to search for and read other business’s agreeable use policies in order to help you compose your own. And be sure to have your lawyer or legal department review it before you begin having customers agree to it.
3. Implement a secure Wi-Fi. Wi-Fi that requires users to log in with a username and password to charge even a dollar will then have their credit card number on file. This would mostly eliminate any anonymity, thus preventing numerous e-crimes.
Don’t think for a second something bad can’t happen to your business. Performing due diligence, knowing your options and implementing these barriers will keep both you and your customers from legal troubles and from getting hacked.
“Opinion pieces of this sort published on RISE Networks are those of the original authors and do not in anyway represent the thoughts, beliefs and ideas of RISE Networks.”