Recently, I visited a good-sized company, and I needed to access my email. I flipped open my laptop, found the network, and easily guessed the password -- the name of the company. Sure, it’s convenient for visitors who have good intentions, but what about passersby who are looking for a hotspot to use for less innocuous purposes?
Most of the time, unaware individuals or mom-and-pop cafes offering free WiFi are the culprits, but corporations leave themselves vulnerable by creating wide-open hotspots, too. Here are five things that can go horribly wrong for any organization (or individual) leaving its wireless networks open:
Copyright lawsuits.
The Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) don’t just go after the individual who downloads copyrighted content. Their lawyers take aim at network providers, and that includes businesses that provide network hotspots. The RIAA and MPAA can claim negligence on the part of the business for not securing their Internet access. A case filed earlier this year in Federal court could determine just how liable negligent businesses are for misuse of their corporate hotspots.
Criminal liability.
Copyright lawsuits are bad enough, but what if some miscreant is downloading child pornography or committing fraudulent acts while using your company’s hotspot? Internet service providers (ISPs) enjoy a certain amount of immunity -- but hotspot providers do not. Courts haven’t taken on this thorny issue, but they will soon enough.
Intellectual property theft.
While most of the computers on your corporate network aren’t using the hotspot, there is always that one person who is hunkered down on her laptop in the conference room. She’s connected to the wireless network, and since this is the office, she’s set the network as a “trusted” network. All it takes is a savvy miscreant to jump on the wireless network and access her files, and trade secrets or regulated documents could easily fall into the wrong hands.
Becoming a worm hotspot.
You’ve installed antivirus software on every computer on the network -- that is, every computer you control. But viruses aren't the only security threats. With an open wireless network, your servers could easily become a distribution point for worms or a home for distributed denial of service (DDoS) attacks.
Termination of your Internet access.
Some wireless service providers can hold corporate customers responsible for violating Terms of Service (ToS) by endangering network security. If your corporate WiFi leads to security problems, your access could be terminated.
Companies do have options to avoid these problems. First and foremost, create a separate wireless hotspot for visitors. Not a single employee should be connecting to this hotspot.
Second, lock down the hotspot. You can still offer wireless access to guests, but invest in a log-in system that includes an acceptable use policy that users must agree to before they can access the Internet. (Think about when you use the WiFi at Starbucks: You have to agree to their ToS before you can check out Facebook.) This covers you in case someone decides to download the latest Twilight movie while visiting your site or using your WiFi from the parking lot.
Remember, you can be held liable for what people do with your Internet. Keep your network protected.
This is certainly a challenge enterprises are going to have to meet, with so many employees and visitors connecting from the fringe, using their own devices.
Some companies are unwilling to set up a separate hotspot with TOS because they don't want the expense, and others set up hotspots and password protect them (which may not be enough to protect their sensitive data). But enterprises can't afford to take these risks.
I like how you laid out the risks so clearly. Unfortunately, many companies fail to see that and are pretty careless with their networks (like the one you mentioned.) Creating a separate hotspot for visitors and setting up a log-in system for outsiders to access the network are good starting points to securing corporate WiFi.
I admit that having to obtain login information or click through as TOS agreement might be a pain sometimes, but if users really want WiFi, then there's no hurdle they won't be willing to go through.
RE: Secure free wifi? What does it look like? And who is going to pay for it? A Government stimilus check?But why would anyone wants to secure a wifi that is free?
What makes you wonder? Do you think the owner is doing the public a big favor for the use of open wifi? I guess your second statement answers your question/conundrum.....
What is your own idea then? and by the way what do you mean by "But why would anyone wants to secure a wifi that is free?"....isn't that what a government is supposed to want to do?
I don't remember where I read it, but it was a gas station owner complaining about how it is that they got stuck with providing bathrooms for everyone on the highway system. That said, it's awfully convenient for travelers that, by and large, you can count on finding public restrooms at gas stations.
So what is it that is going to become the 'public wifi' provider? Starbucks? McDonald's? Something else? I've even seen some state and interstate highways provide wifi on their own at every rest stop, which is great, but it'd be nice to have it everywhere. (Of course you've got the problem of providers making municipal wifi illegal.)
The one complication is that these connections often aren't encrypted, and ISTR the EFF attorneys saying a few months back at Black Hat that there was some legal liability you opened for yourself if you didn't use encrypted connections. I don't recall what it was, though.
"I wonder if there's ever going to be anything like secure free wifi. Government sponsored maybe but that would take a lot of resources and manpower to control also."
how does that differ from what Starbucks and McDonalds offer now? it's free and 'secure', no?
I'm wondering if this overlaps with consumer wifi (not corporate) too. I was told this by the technician who "installed" my internet connection. (I believe they do this for revenue purposes as it's not free. not complaining because I'm happy with the different policies by the branch of TW here than other places I've lived).
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Last week's official US release of the BlackBerry Z10, the BlackBerry 10 touchscreen device, on the AT&T network marked the official entry of BlackBerry as a player in the formidable US smartphone market. While most consumers may not be swayed from their shiny, sleek iPhones and Android devices, businesses may still have a compelling reason to deploy BlackBerry 10. However, BlackBerry needs to do a few things before businesses will jump on the bandwagon, including opening up their management API and luring consumers to their device.
Whenever I whip out my BlackBerry Bold in public, someone will undoubtedly say, "Oh, how cute. You still use a BlackBerry." Yes, I do, and I'll use it until the day I die.
As legacy applications outlive their usefulness, companies look toward the cloud for maximum efficiency and minimum expense. But nothing is as simple or easy as just “moving to the cloud.” Legacy applications need to be modernized, and data has to be migrated. It’s the kind of headache that makes any seasoned IT pro reach for the coffee maker -- and a fistful of Advil.
With the advent of low-cost Web cameras and broadband network connections, home security systems have become a hot business. In addition to traditional security suppliers, like ADT, the market is attracting telcos, cable companies, and energy providers, thereby creating an area of increasing competition.
A survey by JD Powers found that customer interest in product features is lessening as phones evolve. Rather than features, price is driving purchases, and that change could have a dramatic impact on how IT departments secure these devices.
Watching TV is not healthy for you, according to conventional wisdom. Well, that may soon change. Comcast and United Healthcare are now delivering diabetes prevention videos on-demand to high-risk patients. The partnership illustrates how healthcare may be delivered in the future.
Over 20 percent of Verizon's workforce is on strike, thanks to the company's efforts to make up for reduced wireline revenues by reducing the value of wireline union jobs. Given Verizon's current profitability, it's time for management to find a better solution.
Maybe Google+ will be competitive and maybe it won't, but it's likely to introduce video calling and OTT communications as a replacement for standard telephony. There will be major consequences to this, and we don't have an FCC or political framework capable of coping.
AT&T is buying spectrum from Qualcomm, and the fact that it's happening only now suggests that mobile services and profit models aren't as easy to predict as we thought.
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The IBM Smarter Commerce Global Summit in Monaco kicked into high gear today, and we've already begun to see news emerging from that lovely city-state by the sea.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
