On a recent trip from Boston to New York on an Acela Express train, I was writing blogs and doing some research using Amtrak’s free wireless Internet. “Free” usually translates to “unsecured,” which means a criminal hacker with the right hardware and software could have sniffed out my wireless communications and grabbed my data. That same hacker, depending on my device’s firewall, setup and sharing settings, might also have been able to access my drive and files and even plant a virus on my device.
But I wasn’t worried because I use virtual private network software that allows me to surf on an unsecured connection.
Amtrak also knows its free wireless is risky for its users, so before you can use it, you have to agree to the terms and conditions of the Wi-Fi’s use that indemnify Amtrak.
Protecting Your Business
Free wireless is everywhere, because Wi-Fi brings in customers and is a great tool to help create customer loyalty as well. Numerous merchants, including hotels, coffee joints, fast food places and numerous others with a storefront, offer free Wi-Fi to attract people and increase sales.
But it has its downsides, too. If you’re offering it in your place of business, you need to understand that your access point can be used for criminal activity, and to hack your own business, too.
My profession is that of online security and identity theft protection. Below I’ve put together what criminals look for when they connect to free Wi-Fi:
- Pirating music, movies and software via P2P programs. This criminal activity costs the recording and motion picture industries billions of dollars every year. The Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) are cracking down on any IP address associated with illegal downloading and will come after your business too.
- Child pornography. Law enforcement spends lots of time in chatrooms posing as vulnerable kids, chatting it up with pedophiles who buy, sell and trade in child pornography. If your IP address is used for this purpose, you will get a knock on the door with a battering ram.
- Criminal hacking. Bad-guy hackers look for vulnerabilities in others’ devices when using free Wi-Fi networks. They steal keystrokes, usernames, passwords and account info, and install spyware and viruses.
You’re not powerless against these hackers. These three safeguards are the first hurdles you can put in place to secure your company’s Wi-Fi:
1. Use a web proxy/filter. IT security vendors sell software that filters out or blocks known websites and prevents the sharing of P2P files. For more details on what kind of information can be accessed, search “internet access control software” to find a suitable vendor.
2. Add an agreeable use policy. There are numerous phrases a small business can incorporate into an agreeable guest use policy. You may want to include such language as “User agrees not to …”
- Willfully, without authorization, gain access to any computer, software, program, documentation or property contained in any computer or network, including obtaining the password(s) of other persons. Intercepting or attempting to intercept or otherwise monitor any communications not explicitly intended for him or her without authorization is prohibited.
- Make, distribute and/or use unauthorized duplicates of copyrighted material, including software applications, proprietary data and information technology resources. This includes the sharing of entertainment (e.g., music, movies, video games) files in violation of copyright law.
You may want to search for and read other businesses’ agreeable use policies in order to help you compose your own. And be sure to have your lawyer or legal department review it before you begin having customers agree to it.
3. Implement a secure Wi-Fi. If your Wi-Fi requires users to log in with a username and password, and you charge even a dollar for access, you will have their credit card number on file. This would mostly eliminate any anonymity, thus preventing numerous e-crimes.
Don’t think for a second something bad involving Wi-Fi can’t happen to your business. Performing due diligence, knowing your options and implementing these barriers will keep both you and your customers from legal troubles and from getting hacked.
Forrester found:
- 36 percent of breaches stem from inadvertent misuse of data by employees.
- 42 percent received training on how to remain secure at work, which means 58 percent haven’t had training at all.
- 57 percent say they’re not even aware of their organization’s current security policies.
- 25 percent say a breach occurred because of abuse by a malicious insider.
Guarding What’s Yours
The most important thing companies can do to guard against data breaches is to put the right security measures in place. Employees who need identification include those who are known to access critical data resources, such as those in accounting, human resources, administration, legal, personnel and account management as well as company officers and various contractors.
Looking at data flow (that is, where data might be vulnerable, shared across departments or bottlenecked), companies should work with each critical department to gradually implement security controls that create a delicate balance of security and productivity for day-to-day activities.
Data loss prevention begins with data discovery, classifying data in need of protection, and then determining what level of risk your company may face. Then you should complete a cost/benefit analysis and review the various technologies that can integrate with your existing systems. These include data loss prevention (DLP) technologies that provide real-time network activity monitoring, as well as system status monitoring from the inside out and the outside in.
The goal is to limit who has access to what data as well as determine why the person needs it. It’s also important to look for your vulnerabilities from outside attacks. DLP can simultaneously determine when employees are circumventing security because the system may be prohibiting them from getting their job done.
Other procedures and tools you might want to consider implementing include:
- System-wide encryption
- Tools that report alerts and events
- Inspection access controls
- Password management
- Multifactor authentication
- Device recognition
- Data disposal for e-data, paper data and discarded devices
This last one is critical because the more transparent your network security and security policies are, the more effective each department will be when communicating its requirements, needs, wants and differences.
The battle to fight criminal hackers from the outside must not hinder your employees’ progress on the inside. At the same time, you must protect against internal threats from employees that can lead to a data breach, which is an equally dangerous risk that your IT department must acknowledge, and work to secure quickly.