Welcome to our first two-part blog series about managing the risks of Wi-Fi. In Part One, we’ll be discussing the security risks associated with a Wi-Fi strategy for businesses, and how an effective Wi-Fi strategy demands more than just easy guest access.
Deploying an effective Wi-Fi strategy
Guest Wi-Fi is a standard offering for growing numbers of organisations from hotels, cafes and sports centres offering free Wi-Fi to customers, to businesses providing Wi-Fi for partners, suppliers and customers visiting the office. But how many organisations have any idea about the way in which that Wi-Fi network is being used? Not only does the company have a clear liability if a customer is viewing inappropriate – or illegal – images or content, but an inadequately secured Wi-Fi network can be an open door to the rest of the business infrastructure.
However, in an era of heightened security awareness, too many organisations appear to be overlooking Wi-Fi. The truth is, a fully managed service is key to delivering the content management and security policies required to improve customer service whilst safeguarding the business.
The vulnerability of information has been reinforced in recent weeks. From the recent hacks at TalkTalk and British Gas to the technical issue experienced by Marks & Spencer and their website, all of which compromised customer information, individuals have become far more aware of the risk to personal data – and companies have become ever more alert to the risk to reputation associated with an information breach or network misuse.
And yet while most organisations have raised their game when it comes to hardening the IT infrastructure, how many are paying any attention to the Wi-Fi connection? In an era where guest Wi-Fi access has become an essential aspect of most business models, far too few companies are putting any good controls in place to safeguard the way in which this network is used. The draft Investigatory Powers Bill currently being discussed in parliament adds further weight to the discussion as it suggests that the Internet ‘activity’ of every person should be stored by ISPs for a minimum of 12 months. That activity will be generated through many of these free Wi-Fi connections.
The reality is that should a guest misuse the Wi-Fi network – to view inappropriate content for example – the business could potentially be held liable. Furthermore, without the right controls in place, the Wi-Fi connection can become a simple back door into the overall corporate network, undermining all the other aspects of network security being introduced. Poorly managed, uncontrolled Wi-Fi is essentially an open connection that can lead to serious business problems.
It is important to step back and consider the way in which Wi-Fi is used – by both staff and guests – and assess the risks. Under the current legislation an organisation needs to be able to demonstrate a robust intent to prevent people – both employees and guests – from breaking the law. For most organisations, there is also a requirement to comply with CSR policies regarding the type of content accessed; policies that can include, for example, limiting personal social media usage.
Furthermore, in the era of the Internet of Things, with connected devices that now require 100% uptime, as well as a growing reliance on cloud based data and applications, the implications of any network glitch are potentially devastating. No organisation, therefore, can afford to leave the open door of unsecured Wi-Fi that could enable the introduction of malicious code.
However, far too many SMEs are using nothing more than a single router with a Wi-Fi access point and feel secure because the access is password limited. Yet when that password is handed out to any guest on demand – how can that be secure? In many cases access is not even time limited – gain access once and an individual can automatically log into that network, and hence every aspect of the Internet, again at any time. Attitudes to Wi-Fi are adding significant corporate risk.
In Part Two, find out about the two essential aspects of Wi-Fi control and mitigation. In the meantime, if you have any questions or would like to discuss the topic further, please give us a call on 01234 865880 or email us at firstname.lastname@example.org.
For more articles and blog posts like this one, follow us on social media.
You can also sign up to our monthly Newsletter for the latest news and updates.