WiFi has been a natural fit for hotels and coffee houses for years now. Free WiFi is becoming a mainstay offering for many restaurants now and even retailers are realizing the added benefits of free WiFi for their bottom line. In fact, a study back in 2013 showed that 80 percent of customers feel that an in-store Wi-Fi connection would influence their purchase decisions. Translation - customers are more willing to purchase from a store that provides a Wi-Fi connection. The division between brick and mortar stores and online retailers is becoming more muddled every year. Amazon just announced this week that they are unveiling a new physical location in Seattle, Washington called Amazon Go, that has no registers. Instead, shoppers scan into the store with their free Amazon Go app, shop as normal, and leave the store with the items billed to their Amazon.com account. Amazon then plans on opening up to 2,000 similar locations across the country. In other words, the biggest online retailer in the world is now competing in your own physical back yard. Still think you don’t need guest WiFi throughout your store?
Implementing a dedicated guest WiFi brings with it a lot of security concerns. It is imperative to not only protect the internal company network from intruders that may probe the guest network, but also protect your customers from basic malware, drive-by-downloads and man-in-middle attacks. It’s the old adage that it takes ten or more positive experiences to negate one negative. Make sure your WiFi and Wi-Fi filter is a benefit, and remember, you can be too careful when it comes to network security!
Below is a simple checklist to ensure a secure, safe, successful WiFi experience for your valued customers:
Sometimes we get too caught up in securing our digital systems that we forget the fact that all security starts with the physical safeguarding of your physical network peripherals such as wireless access points, routers and switches. Any device that has an Ethernet port is vulnerable to intruders who can easily plug in their device and modify your configurations. In order to prevent this, all network peripherals should be kept in a secure location such as a locked closet. Should a closet not be available, wireless access points should be concealed above the ceiling. As an additional precaution, you can also configure define IP scopes for all Ethernet ports on your devices.
It is imperative to make sure that your guest network is rigidly divided from your company’s internal network in order to prevent intruders from browsing and accessing your network assets and confidential resources. This should be done through the aid of a network firewall. For larger organizations that may be utilizing enterprise switches, a separate VLAN should be created for the access points that broadcast the guest wireless SSID. If your firewall has routing functions, you should route all network traffic for the guest network straight out to the Internet. You should also protect all of your servers and company computers with a software firewall that will stop traffic coming from the guest network.
This sounds obvious but some of the largest cyber-attacks as of late were performed by exploiting this fact. Change all default admin passwords for all of your network peripherals and change the name of your SSID to a name that your customers can easily distinguish as your service in order to prevent rogue access points and man-in-the-middle attacks.
So many of the cyber-attacks you read about in the paper could have easily been prevented by simply updating the firmware of network peripherals. These updates often times shore up exploits that have been discovered, exploits that cybercriminals take advantage of almost immediately (sometimes referred to as zero day attacks). Take the time to check for updates for all of your devices on a monthly basis.
Yes, it is easier to provide open wireless and allow everyone within reach to simply access your network, but like many things in life, doing something the easy way doesn’t necessarily mean it’s the best way. Your customers may think they appreciate the ease of open wireless, but it also makes their wireless sessions vulnerable to hackers and wannabe intruders. Make sure you secure your wireless network with WPA2 encryption and proudly display the name of your guest SSID designated password so your customers can easily see them.
If you provide Internet services to your customers in this day and age, then you need to provide content filtering as well. You don’t want your business to be the place that minors go to in order to access websites of adult nature and questionable tastes. You also want to protect your customers from sites that serve as malware launching pads. This can be easily accomplished by subscribing to a cloud based web filtering service, eliminating the need for additional equipment or having to worry about update management and configurations.
Are you a hotel that wants to discuss the opportunity that Wi-Fi filtering offers? Talk to a specialist or Email us at email@example.com with any questions.
Sign-up for email updates...