By Brendan Patterson
Did you know that 78 percent of smartphone data goes across Wi-Fi? That is a pretty powerful statement, but it should not be a surprise. Today’s consumer is always connected, and always looking to find a free Wi-Fi network to help eliminate burning through their data plan. Most consumers expect free Wi-Fi in retail environments, and the good news is, wireless is no longer just the preserve of coffee shops and hotels, as retailers have fully embraced it.
As a matter of fact, in the United States there are more than 650,000 hotspots provided in retail locations not including cafes or hotels. Many large box stores even have their own proprietary apps. However, it is not just the big guys delivering Wi-Fi. A recent survey of more than 400 small consumer-facing businesses across the U.S. found that more than 69 percent had added complimentary Wi-Fi as a service for customers, to increase foot traffic, time on premise, and customer spend. Today, savvy retailers know that free Wi-Fi gives them a unique opportunity to present the brand, product or bargain to the customer, while delivering something buyers wants as well, hotspot connectivity. But, as a retailer, what are some of the key considerations when offering Wi-Fi?
While Internet access may be a priority for customers, lax security controls often jeopardize guest network users and create a risky proposition for customers wanting to connect. Major names like Home Depot, Target, and Neiman Marcus hit the headlines for all the wrong reasons in 2014. Millions of personal credit card details have been stolen. Even though they do not always make the top headlines, smaller retailers have been impacted by the same malware and hacks too. The bottom line, security matters.
Any company that stores credit card data is aware that the Payment Card Industry Data Security Standard (PCI DSS) has strict controls over information technology and dictates that any aspect of the network that stores cardholder data needs to be completely segregated from other parts of the network.
Key Tip #1: Retailers need to ensure that any wireless guest networks are completely segregated from their own business network. Strict firewall rules need to be in place to enforce segmentation between any guest traffic and the network used by employees, point-of-sale systems (POS), and back office applications. Also, by now, most people have heard about these new advanced persistent threats (APTs) and zero day malware.
Key Tip #2: It is no longer enough to just have traditional AntiVirus solutions that protect the personal computers and laptops. More sophisticated advanced malware detection is required, and virus detection should also be deployed at the firewall level to catch any malware before it is downloaded at the store. These more advanced firewall systems (called next generation or unified threat management firewalls) send unknown files for analysis and emulation into the cloud, instead of relying on traditional signature detection. The end result is a new level of security that can help stop advanced attacks.
When offering free Wi-Fi, security is not the only consideration. Another key question is will your network hold up to the performance demands? Bandwidth is expensive. Stores want to provide the convenience of Wi-Fi access to customers, but do they really want them watching the latest episode of Game of Thrones in HD on the network? (The HBO GO application requires 3 Mbps for HD content). Probably not.
Key Tip #3: To help combat these bandwidth hogs, businesses should put into place adequate network controls that can limit excessive bandwidth usage by any client that connects. And, what about appropriate content? A lot of liability comes with offering free guest wireless access, even if most hospitality organizations do not realize or recognize the risk. Retailers need to know who is on their networks and for what reasons. The vast majority of stores are family friendly environments.
Key Tip #4: Retailers should limit the ability of customers to visit adult or pornographic sites. To avoid any issues with Internet Service Providers, stores should also restrict the ability to run applications like Bittorrent that can download large amounts of pirated data. Do not let the hotspot become a place where school kids and students come to access content or applications that they cannot get on their school or campus network.
Some of these tips probably feel like no-brainers, but the reality is many businesses do not protect or monitor their guest network in the same way they do their business network. A recent WatchGuard survey revealed that 51 percent of organizations do not monitor guest networks for suspect applications, malware or malicious activities; 62 percent do not monitor guest activity to limit bandwidth-intensive applications; and 48 percent do not use policy mapping or data visualization tools to monitor performance. This lapse of guest Internet and Wi-Fi network visibility and controls can have a significant impact on overall network performance and user experience, on top of growing security risks.
But, the good news is, there are technologies available that can make it easy to deliver a secure, high performance guest Wi-Fi network. WatchGuard provides solutions including both wireless access points and multi-function firewalls that give businesses the tools to easily segment a guest Wi-Fi network, use advanced new security services, monitor bandwidth usage, and restrict access to “questionable” websites. The firewalls also deliver specific guest access features so retailers can: tailor the hotspot user experience with custom hotspot splash pages branded with company logos; provide flexible account options, such as configurable time limits; and minimize liability with custom terms and conditions.
Your guest Wi-Fi network is an extension of your organization and brand. Keep it safe from uninvited guests.
Brendan Patterson is a Director of Product Management at WatchGuard Technologies, with responsibility for the Fireware operating system, hardware, and security services. Brendan is a Certified Information Systems Security Professional (CISSP) with more than 15 years of experience in security and networking technologies. For more information please visit, www.watchguard.com.