William Shakespeare once wrote, “the eyes are the windows to your soul,” but if you ask savvy retailers, they might say it’s guest Wi-Fi. Why? New Wi-Fi systems allow them to use powerful features like social media integration, SMS and email to gather key information about customers and connect with them long after they leave a brick-and-mortar location. While these features are good for both the business and its customers, they can also create challenges for small business owners who are already extremely busy.
To help combat these challenges, Google recently announced Google Station, a suite of tools designed to make it easy to create, maintain and log in to Wi-Fi networks at places like parks, airports and coffee shops. And they’re not alone: GoGoGuest, for example, also recently launched to help coffee shops manage Wi-Fi usage.
It’s not surprising that Google and others are trying to improve public Wi-Fi. Consumers have a ravenous appetite for Wi-Fi, and expect a good Wi-Fi connection to be anywhere and everywhere. Unfortunately, many small businesses and distributed enterprises don’t have the technical expertise to set up their own networks properly. There is also a bigger problem. None of these solutions address the elephant in the room – security.
Common public Wi-Fi attacks
Cybercriminals target the public wireless networks of SMBs and distributed enterprises with increasing frequency. These businesses are attractive targets because they don’t have the required security solutions to defend themselves. For example, here are a few common attacks that could target customers using the Wi-Fi at a coffee shop, mall or train station:
- Honeypot or “Evil Twin” access points, which broadcast legitimate SSID names and lure people in to connect to the attacker. This opens the door to a range of exploits that allow bad guys to steal login credentials and data.
- Karma attacks, where client devices are automatically tricked into connecting to SSIDs that have been saved on the client and set to “auto connect.”
- Man-in-the-middle attacks, which trick users into connecting to a honeypot or evil twin access point by presenting legitimate-looking web pages such as banking, shopping or social web pages. Attackers will then steal login credentials and snoop on all the traffic generated by the user.
- Mobile attacks, such as Android’s Stagefright, can spread from guest to guest, even if victim zero is oblivious to the outbreak. As the number of wireless users on the network grows, so does the risk of a pre-infected client entering the network and spreading the attack to others.
Wireless security vulnerabilities are a huge problem for public Wi-Fi networks and will continue to be a problem, even if Google takes over. So how can businesses go about shoring up wireless security to protect their customers and themselves? What kinds of security measures should Google and startups like GoGoGuest build into their public Wi-Fi offerings?
Public Wi-Fi security best practices
Here are several security best practices that organizations of any size should implement to establish secure Wi-Fi:
- Implement Wi-Fi access points with built-in Wireless Intrusion Detection Systems (WIDS) to monitor the airspace for malicious activity.
- Turn on automatic Wireless Intrusion Prevention to disable malicious attackers immediately. No one has time to dig through mountains of WIDS logs. Automated prevention features can minimize the time it takes to shut down malicious activity, saving you days, weeks or months.
- Look for Wi-Fi access points that provide WIPS false positive protection to avoid accidentally disabling neighboring Wi-Fi networks that were miscategorized as rogue or malicious.
- Always use network segmentation to separate guest and private networks. This is required for PCI compliance and will protect your business network from being affected by any attacks on your public Wi-Fi network.
- Pair wireless network management with a gateway security appliance to strengthen your overall security posture.
- Consult an IT expert when deploying your Wi-Fi network if you don’t have the knowledge to set up your own.
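To make the WIDS and WIPS false positive points above concrete, here is an added example (not from the original article or any vendor's product) of the classification step such a system performs before automatic prevention acts. The SSIDs, BSSIDs, the threshold and all observations are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: the shop's own SSIDs and the BSSIDs of its real APs.
OUR_SSIDS = {"CoffeeShop-Guest", "CoffeeShop-Staff"}
AUTHORIZED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
KARMA_SSID_THRESHOLD = 3  # assumed: one radio answering for this many SSIDs is suspicious

# Constructed sensor observations: (bssid, ssid, bssid_also_seen_on_wired_lan)
OBSERVATIONS = [
    ("02:00:00:AA:00:01", "CoffeeShop-Guest", True),
    ("02:00:00:bb:00:09", "CoffeeShop-Guest", False),  # our name, unknown radio
    ("02:00:00:cc:00:05", "Bakery-NextDoor", False),   # neighbouring business
    ("02:00:00:dd:00:07", "linksys", True),            # unknown AP plugged into our LAN
    ("02:00:00:ee:00:03", "HomeNet", False),
    ("02:00:00:ee:00:03", "Airport-Free", False),
    ("02:00:00:ee:00:03", "Hotel-WiFi", False),
]

def classify(observations):
    """Return {bssid: (verdict, contain)} for every radio the sensor saw."""
    ssids_by_bssid = defaultdict(set)
    wired = defaultdict(bool)
    for bssid, ssid, on_wire in observations:
        b = bssid.lower()                      # normalise MAC case before comparing
        ssids_by_bssid[b].add(ssid)
        wired[b] = wired[b] or on_wire
    results = {}
    for b, ssids in ssids_by_bssid.items():
        if b in AUTHORIZED_BSSIDS:
            verdict = "authorized"
        elif ssids & OUR_SSIDS:
            verdict = "evil_twin"              # broadcasts our SSID from a radio we don't own
        elif wired[b]:
            verdict = "rogue_on_lan"           # unknown AP bridged onto our wired network
        elif len(ssids) >= KARMA_SSID_THRESHOLD:
            verdict = "karma_suspect"          # heuristic only: alert, do not contain
        else:
            verdict = "neighbor"               # someone else's network: never contain
        # False positive protection: only act on radios tied to our SSIDs or our LAN.
        contain = verdict in {"evil_twin", "rogue_on_lan"}
        results[b] = (verdict, contain)
    return results

if __name__ == "__main__":
    for bssid, (verdict, contain) in classify(OBSERVATIONS).items():
        print(f"{bssid}  {verdict:14}  contain={contain}")
```

Matching on BSSID alone is a simplification; a production WIPS correlates more signals before it acts.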