Posted by Geraldine Hunt on Wed, Mar 20th, 2019
Public Wi-Fi gives hospitality and service businesses an amenity that attracts customers and keeps them around, but having an open Wi-Fi network also adds possible vulnerabilities. For safe browsing, security must be integrated before making Wi-Fi public. Here are ten tips to help businesses offering public Wi-Fi hotspots and users connecting to it.
1. Use the Latest Encryption Algorithm
Until recently, the standard for encryption on Wi-Fi was WPA2, but the encryption algorithm was cracked in 2017. Most current Wi-Fi hotspots have WPA2 configured because it's supported by most modern devices, but it leaves the hotspot vulnerable to attackers. WPA3 is the latest in encryption standards for Wi-Fi. The issue with configuring WPA3 is that some older devices won’t be able to connect to the Wi-Fi hotspot. However, WPA3 will be supported by future devices and should be configured sooner rather than later for the best encryption security.
2. Keep Public Wi-Fi Traffic Separated from Business Network Resources
Businesses should never mix public Wi-Fi networks with internal business resources. These two networks should be separated, and employees should connect only internally and never on public hotspots. Leave hotspots for customers and the general public only. This reduces risk of a data breach and employee data stolen, and it’s a requirement for certain compliance standards such as HIPAA.
3. Use VPN for Added Security
For hotspots still using older encryption, users should take an extra step with security and use VPN. VPN will “tunnel” traffic and protect from man-in-the-middle (MitM) attacks. An extra layer of encryption protects data should an attacker be able to crack Wi-Fi router encryption settings.
4. Avoid Using Cleartext HTTP on Public Wi-Fi
Although the Internet is moving towards encrypted traffic as a standard, some sites still use cleartext HTTP. Any site that asks for credentials or private data should use HTTPS, but it’s up to users to identify when sites don’t encrypt traffic. Most modern browsers display a lock symbol when a URL is using SSL or TLS, so look for this symbol before sending data over public hotspot networks.
5. Disable Wi-Fi After Hours
Wi-Fi signals are strong enough where users outside of the premises can access it. Leaving Wi-Fi active after hours gives attackers the ability to test for exploits with no one present. To avoid some attacks and to protect the network from hackers after hours, the business can disable it when not catering to customers.
6. Watch for Similar Wi-Fi Names
Attackers often create hotspots on their own devices using similar names as the official business network. Just one letter or number off from the official Wi-Fi hotspot can trick unsuspecting users into connecting to the wrong one. An attacker can then use MitM attacks to read data passed through the malicious hotspot. Note that using a VPN will protect data, but users should still check the name of the hotspot before connecting to it.
7. Never Conduct Financial Transactions on Public Wi-Fi
Even if a banking connection is using SSL/TLS and you’re using a VPN, avoid conducting financial transactions. Shoulder surfing is common in public places. Shoulder surfing is a type of social engineering where an attacker watches keystrokes and input on a screen to steal user credentials. By watching keystrokes and input values, an attacker could then silently log into user accounts either on the Wi-Fi or from another location.
8. Turn Off Windows Sharing
When connecting to public Wi-Fi, Windows asks for the connection type. If the type is “Public,” then Windows disables sharing from other people on the network. However, users should disable shared folders especially ones that contain sensitive data. If the entire C drive is shared, then it’s even more important. Attackers could potentially steal data, but they can also upload malware to a device.
9. Rotate Passwords Regularly
Password rotation is standard for cybersecurity. For Wi-Fi networks, it protects businesses from having non-customers connect to Wi-Fi and use it for nefarious reasons. Eventually, the Wi-Fi password gets passed around or posted to the Internet, which makes it open to attackers. By rotating password, the business can reduce the number of non-customers connecting and keep it to customer-only access.
Cybersecurity should be a priority for any business that allows public access to Wi-Fi. Users should also take precautions. By combining cybersecurity from the business and educating users with the right security practices, public Wi-Fi can be a safe place to browse the Internet.
10. Use Content Filtering
Last but certainly not least, businesses that provide public Wi-Fi networks should protect users by adding cybersecurity to resources. One way to protect users from phishing and malware is to add content filtering to the network. Content filtering uses DNS-based lookups to block browsers from accessing a website or Internet application. This blocks users from downloading malicious content that could affect their system and the integrity of the public Wi-Fi network.
Another added benefit is the ability to block website categories that tailor to your clientele. For instance, if you cater to young families, you may choose to block access to sites that contain adult themes or offensive content. All of this can be managed through a simple web GUI interface using your web browser.
WebTitan Cloud for Wi-Fi allows guest Wi-Fi providers to :
- Control content and online activities without any impact on Internet speed
- Block pornography and other inappropriate content to make the Wi-Fi network family-friendly
- Prevent users from engaging in illegal activity
- Block phishing websites
- Prevent malware and ransomware downloads
- Restrict bandwidth-heavy activities such as video and music streaming services
- Create user groups with different restrictions, allowing streaming or adult content for specific user groups
- Set web filtering controls for different access points
- Manage content filtering for multiple hotels with ease, no matter where in the world they are located.
WebTitan for Wi-Fi is designed to be simple and cost-effective so you can deploy full-featured Wi-Fi protection for your guests, quickly and easily. To find out more, please contact our team of security experts today.