Recently we were called to a small chain of coffee shops in Hampshire, a well-known brand that wanted to improve the performance of its Wi-Fi speed and coverage for the benefit of the customers.
But what we discovered was more truly worrying, and a common issue faced by people just giving out the password to their Wi-Fi network freely and easily.
With everything else entirely wide open, we could have immense amounts of fun with just the simple Wi-Fi password given out to all users. We could:
1) Connect to their EPOS system and see the shared documents on their main till.
2) Connect to their office printer and scanner, scan the documents on their scanner bed, and print what we wanted off their printer
3) Connect to their SONOS speakers and change the music to whatever we wanted
4) …and see everyone else on their network, as well as everyone’s documents that hadn’t been locked down.
This is dangerous for business
You don’t need a degree in computer hacking to understand how this could be massively dangerous for a business, as their entire business processes, documents and confidential data becomes wide open. Anyone can access it. It’s as dangerous as giving every customer your debit card and pin number.
Despite all the issues surrounding data protection, GDPR and internet security, local businesses are giving out access to their private data freely and easily every day just by sharing their Wi-Fi password.
Many of the local businesses we visit are using just the standard BT Business Hub (or equivalent), which really isn’t designed to be used by 20 data-hungry, espresso-wired, laptop users, and the performance suffers.
It’s not just about great performing Wi-Fi
Surveys and analysis aplenty show the value of high performing, easy to access and reliable Wi-Fi networks, and as an industry we have been able to market this to SME’s quite easily to show them the benefits. I still doubt this has penetrated sufficiently to get through to many of the independent businesses though without sufficient IT expertise.
At the same time though, we need to be showing them the dangers and issues that are associated with providing Wi-Fi access onto badly set up, completely wide open networks. Anyone with a little bit of computing knowledge who is feeling malicious has access to almost any data they want about your business (or the customers sat next to them).
A potential solution
While I’m personally not keen on the use of captive portals that insist on social network or email logins, I’m more inclined to think they have been setup correctly to only allow web traffic ports for customers to use. Even with the basic setup out of the box.
When you have a ‘Wi-Fi expert’ installing your equipment, ask them to show how they are protecting the rest of your network, and that all other traffic is blocked other than the ports necessary.
A little investment could be saving your business more than just money.