Many of us experience it. We are in a hotel with our computer, in need of Internet service. And so, we access the public Wi-Fi available for guests. We know that this connection is not secure, and we know not to make purchases or use sites where we have to submit our passwords. Why? Because we understand that everything we do on a public Wi-Fi system is subject to hacking and theft.
The question is, are there possible risks for the owners of these facilities who set up public Wi-Fi for business use as well as for their guests?
The short answer is, yes, there are. Here are some of those risks and how you can work to avoid them.
Snooping/Hacking
There are several ways that hackers can get into your website and online systems – through remote workers, through in-house employees, and, of course, through customers.
- Hackers have software kits that will let them eavesdrop on Wi-Fi signals you have. They can access your entire website, and what your remote workers are doing online when they access permission-based parts of your system with sensitive data.
- Hackers can physically sit in your establishment, between employees who are on the system and the connection point. From here, they can gain access to lots of data, including customer ID and card information, if held in your system
- Hackers who get into your website can push malware into yours, your employees’, and customer/guest devices as well.
The solution?
- First of all, have two separate Wi-Fi connections – one public for customers and guests and one private for your business.
- And if you have sensitive and confidential data, house it on a separate server. Access to that data is permission-based with a two-step login process.
- Consider putting your website and all sensitive and confidential data in a cloud-based platform, again with permission-based access. Sam Donaldson, IT Director for the service TopWritersReview has this to say: “Our writers all work remotely; our customers are all over the world on their own devices. And we have to protect their personal and financial information. We have always had solid security measures and permission-based access to sensitive data. But we are migrating to the cloud because hackers are becoming too sophisticated.”
Rogue Wi-Fi
Hackers can also set up a rogue network that looks and operates just as yours. Both employees and customers will have no idea that they have not accessed the business’s legitimate hotspot. All of a sudden, everyone’s devices are infected.
Here’s how this works. The rogue Wi-Fi will have a very similar name to your business hotspot name. For example, here are two hotspot Wi-Fi names:
Halls Café Wi-Fi
Halls_Cafe Free Wi-Fi
To avoid this danger, regular check your hotspot name(s) – that’s pretty simple.
Worms
Here’s a potentially deadly situation. While worms work similarly to viruses, they can only attack through a program, to infect a system. Worms rely on security failures to target a single computer that is part of a network or that will be accessing business sites and data held within those sites. Open Wi-Fi is easy prey.
Worms will travel from one device to the next, wreaking havoc on a business and potentially ruining its reputation. If you have separate Wi-Fi connections for customers and for your business, you are only moderately safe. Employee use of your business connection is probably the biggest culprit.
Malware
Malware can easily cripple a business. Through capturing data, hackers can then infect all programs and devices, essentially shutting a business down.
Malware has infected businesses far larger than a hotel or restaurant, and their systems are never connected to public Wi-Fi.
The Question Becomes This…
While offering public Wi-Fi to guests and customers is almost a requirement for hotels, restaurants, etc., why would an owner even consider a public connection for his business? Or even use the same connection for his secure system?
Steps for Avoiding Vulnerability
Several of these steps were mentioned above, but they are worth repeating. Remember, hackers always go after the easiest target. The goal is to remove that ease so that they choose to go elsewhere with their dirty deeds. Here are several steps you can take:
● Have a private connection with a reputable provider. A good one has built-in security features.
● Fully separate the connections you have for your customers and for your business.
● Train your employees who have access to your business system(s). Only give them access to what they need. ON your in-house computer system, block access by employees to any suspicious sites, personal emails, and social media accounts. And use a two-step verification process if employees are going to access your system remotely.
● sensitive data should be encrypted (e.g., customer personal and financial information). An encryption system may cost a bit, but how much will the damage cost if your system is hacked? You can also use a third-party SSL-certified payment processor.
● Get rid of old, unused software
● Consider cloud computing, if only to have a backup for your system. If you are breached and “down,” you won’t lose anything.
● If you must connect your business to a public network, use a Virtual Private Network (VPN). Your data will be encrypted and hackers will probably “move on,” as hacking into VPN’s is much tougher.
● If a VPN is not available, then enable the “Always use HTTPS” option, particularly for websites that your business uses often and that require login passwords.
● Provide instructions to your customers who are using public Wi-Fi in your facility. Create a document about Internet security – you can use a writing services, agencies that has a department for all types of business writing. Have this document available all over the place. You can also have a daily changing password for their access to your public Wi-Fi. Post the password each day.
Conclusion
Open Wi-Fi is a huge convenience for your customers and guests. But if you are using that same public connection for business purposes, you are highly vulnerable to breaches with potentially disastrous results. You need to take all of the precautions listed above to preserve your security and, just as important, your reputation.