Wi-Fi and security are better together for SMBs

Ryan Orsi, Director of Strategic Alliances at WatchGuard Technologies

Wireless adoption is growing fast globally, with Wi-Fi access becoming ubiquitous in businesses, stores, corporate environments and public spaces; literally everywhere we go.

As a small to midsized business (SMB), you may be considering or already offering Wi-Fi as a service to your customers. It’s a great idea. SMBs are adding Wi-Fi access in their environments to increase customer satisfaction, build loyalty, repeat visits, and enable unique marketing opportunities. Customers appreciate and come to expect a fast, reliable secure wireless network experience.

Wi-Fi hotspots are – well, hot. According to Cisco’s Visual Networking Index (VNI) IP traffic forecast, 63 percent of all Internet traffic will travel over Wi-Fi by 2019. The number of public hotspots is exploding, expected by iPass to grow to almost 300 million in 2018.

With exponential growth in Wi-Fi hotspots, network security attacks are on the rise. This isn’t a real surprise, as security is an often overlooked yet critical element in the explosion of wireless today. It’s important for organizations to develop a secure wireless strategy to help ensure their customers have safer, more trusted secure computing experiences while accessing sites and services within a guest network. Otherwise, organizations may unwittingly allow hackers to steal their customer’s valuable data while lurking online via a Wi-Fi network.

Since Wi-Fi’s infancy, hackers have been finding and exploiting vulnerabilities in Wi-Fi networks. The payoff for hackers are easy to understand. There are real security risks to accessing cloud services in public spaces on an open Wi-Fi network. Just sit at your local café for a while. You’ll see people log into services that may include personal online banking sites. They may type in username/password combinations to access enterprise cloud services including salesforce.com and Office 365.

A hacker can use what is known as a man-in-the-middle attack to intercept the keystrokes to capture passwords and other valuable data when people use services. They simply need to set up an access point that mimics the café’s legitimate SSID and trick a device into joining their network. At that point, the Internet is basically routed through the attacker who can silently intercept keystrokes, and other personal data without the user being aware.

Attackers can also exploit weaknesses in a Wi-Fi hotspot with simple tactics like packet sniffing to intercept a device’s authentication handshake when using the hotspot. With the user’s handshake and the café’s “Wi-Fi password of the day,” which is the same for all customers, the attacker can easily decrypt Wi-Fi transmissions and steal sensitive data without being detected.

SMBs are hot targets because hackers find they have less cyber security protection. Unfortunately, nearly 50 percent of small businesses have already been impacted by cyber-attacks with an average cost of more than 20 thousand dollars – up from 8.7k two years ago.

Wi-Fi access alone simply means the ability to connect devices wirelessly and serve all traffic to the devices. This has been the most common Wi-Fi implementation to date. However, as the number of devices using Wi-Fi grow exponentially and attacks get more sophisticated, security and access needs to be integrated together in Wi-Fi. This is historically a best practice with wired connections that applies to Wi-Fi networks.

Four tips for SMBs to consider when deploying, upgrading or managing Wi-Fi access for customers:

1. There are many great gateway security appliances that have integrated Wi-Fi security capabilities and services. Be sure your offering has:

  • Anti-virus protection
  • Anti-malware, including protection for zero day threats and advanced persistent threats
  • Intrusion prevention
  • Application ID and control for monitoring and optionally blocking certain risky traffic
  • Web content filtering to prevent unsuspecting people connected to your Wi-Fi from accidentally clicking a hyperlink that invites exploitation, malware, and back doors to be loaded into your network.

2. Include network segmentation in your layered defense-in-depth strategy. Effective network segmentation allows you to keep an additional layer of security on key corporate assets inside the perimeter, and the public out of your secure business data. Your customer Wi-Fi network should be just that – a separate network just for your customers.

3. Although you are doing your best to keep customers safe, you should still include a disclaimer and require a password to log on to your wireless.

4. Finally, it’s all about your customers. A little bit of monitoring can go a long way in identifying potential problems and security risks on your customer Wi-Fi network. You don’t need some advanced SIEM solution, but there are lightweight threat intelligence products out there that help automate alerting and bring big-ticket problems to your attention.

My last recommendation for SMBs when shopping for Wi-Fi solutions is to remember to consult an IT service provider in your community, as they can be an excellent source of advice and guidance.

Nobody wants to be the reason customers’ data gets hacked, so thinking ahead to protect them while allowing them to have Wi-Fi access can help you build good will in 2016.