Wireless Weakness

January 11, 2008

January 11 2008

The December 15 2007 issue of CIO Magazine has a brief article by Thomas Wailgum that seems to reference a more detailed article at cio.com . While the article is pointed at retail industries, it is applicable to many businesses.

The article, plus its referenced study points out the benefits, plus the risks in enabling wireless networking in the business. Wireless networking is a great tool for productivity, ease of deployment, as well as other benefits. However if not managed appropriately, the risks can outweigh those benefits.

Wireless networks can be reasonably secure, however most small / medium business may not have the knowledge or expertise to implement security correctly on these devices. In some cases, I am confident that some may not know that there is some security steps that should be implemented. At the same time the “cool” or “easy” factor makes people want to use it, often that may be the business owner or other senior managers!

In 2005 TJX Corp, had information from up to 50 Million debit and credit card exposed via  hackers. While the sheer number of accounts is staggering, it all apparently started with a simple wireless price checking device. That “simple” device was not properly secured.

I find it unforgivable that a major retailer would not have the skills to ensure security of wireless devices, but in the Small / Medium Business (SMB) space, you probably have a technology staff of either zero, where you bring in outside contractors to fix what you cannot do yourself, or you have one to five or so Technology staff who are more worried about why you aren’t getting that email or why your PowerPoint presentation keeps blowing up, than looking strategically at what security threats that little wireless device could cause.

Why should you care if you have an unsecured wireless network? I mean, you really don’t do anything world critical right? There are many reasons that you should care;

1) Do you really want your Internet Service Provider informing you that they will cancel your account because millions of unsolicited commercial emails (SPAM) and email viruses are coming from your “office”? They are probably coming from the apartments across the street – but it is your network that they are using. Or worse, find that your customer or partner base is getting these SPAM emails as well, and it “looks” like it is coming from sales@your_company.com?

2) Trust me on this, you will hate the day you see a “low disk space” message on your server(s) and find out every bit of it is filled with pornographic or pirated material that is dumped on your server. Hey – why should they pay? they can use your internet connection and space for free!. Even consider just the plain extra cost if you have an Internet Connection where you pay excess overage fees if you use more than a certain amount of Internet traffic.

3) If you do any form of retail, the Payment Card Industry (PCI) standards will not be pleased if every credit card used in your operation is followed by illegal use somewhere else.

4) This one is rather amusing, but can be real, depending on your wireless and computer setup – intermittent connection problems with your wireless enabled computers? have you looked to see if your computer is actually connecting to someone else’s wireless unsecured network before it connects to yours? And you wonder why you can’t properly connect to your servers for months ….

How prevalent is the issue with unsecured wireless networks? if you are actually looking, the problem is everywhere. From my own notebook computer, from both my home, plus my office there are wireless networks with no security enabled.

As a senior manager with a SMB, the onus is on you to ensure that your contractors, or your staff take security seriously in any wireless initiative. If you are the lone “IT person” or provide contract services, you should be explaining these risks up front.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s