People expect and demand connectivity everywhere. Free Wi-Fi was once the domain of coffee shops and libraries, but now businesses ranging from rustic campgrounds to hospital waiting rooms must have Wi-Fi on a guest network to keep their customers happy.
These days, it’s pretty much standard practice to have separate internal and guest Wi-Fi networks. That should solve the problem of data security, right? Well, not entirely.
The pandemic put guest networks on the backburner, but as businesses reopen and people begin to gather again, guest networks are once again seeing a lot of usage. However, some experts are finding MSPs and other security stakeholders are lax in securing them. Now is the perfect time for MSPs to revisit best practices for managing the guest network.
While operating a guest network is a crucial part of any enterprise with a public-facing component, there’s more to it than just having an open guest network. The open network can’t be turned into a free-for-all.
“The last thing you want is someone using your open network to conduct illicit activity because that would bring with it potential liability. It’s still crucial for a guest network to be secure and adequately policed,” says Elizabeth Wise, a cybersecurity consultant in Ottawa, Canada.
Content blocking should be strongly considered, especially sites that center around pornography, gambling, and dating.
Guest networks are rife with issues about protecting sensitive data
“There was a car dealership that our firm handled IT support for. They let guests use free Wi-Fi in the waiting area, and even had a printer available for customers to use. But we found that sometimes customers would double print items or hit print and forget to pick the item up. The dealership was left with paper copies of HIPAA-violating medical data, private banking information of customers, and personal emails,” Wise tells SmarterMSP.
“All of that is a minefield for an MSP to have to navigate. A public printer is just another complication that isn’t probably necessary,” Wise points out. But it’s not just the printer, it’s also passwords.
“Many hotels, for instance, go beyond free Wi-Fi and have a public computer to use. That’s even more of a dangerous situation because people will enter passwords and not delete them, so if you have a public computer, you have to monitor it continuously,” Wise advises.
Another danger of a guest network is the ease at which hackers can spy on your guests and customers. “Make sure you encrypt your wireless network,” Wise says, recommending WPA2/WPA3 encryption. Such encryption is generally adequate.
“Hackers are going to look for the easiest targets first. If they have to mess around with an encrypted network, they will likely just go elsewhere,” Wise states.
Also, don’t be lulled into a false sense of security thinking that a guest network is completely walled off from the main network. Research from the Ben-Gurion University of the Negev in Israel showed that guest networks on routers weren’t as secure as many believe.
“All of the routers we surveyed regardless of brand or price point were vulnerable to at least some cross-network communication once we used specially crafted network packets. A hardware-based solution seems to be the safest approach to guaranteeing isolation between secure and non-secure network devices,” advises Adar Ovadya, a master’s student who conducted the research. Wise concurs with the findings that routers aren’t foolproof.
“The best advice I can MSPs is that you should treat a guest network with as much care as your client’s main network, because there are all sorts of ways a determined hacker can breach the guest network and use it as an entry point to the main one,” Wise says. She adds that complacency is the most significant risk of a guest network
“It is viewed almost as an afterthought, but the firmware needs to be updated, the patching completed, and all the other precautions you’d take with any other network,” Wise explains.
The home guest network
Guest networks are under added scrutiny these days because, even as the COVID-19 pandemic recedes in places, work-from-home is here to stay. So company personnel handling sensitive data from their home networks can inadvertently compromise security by allowing anyone to use their home network.
“Even if a person working from home is using a VPN, it’s still not foolproof,” Wise says. A strongly secured home guest network should be set up. If a visitor wants connectivity, they can do it separately from the main house network.
“Homes are turning into mini-office campuses, so the same cybersecurity rules need to apply,” Wise advises.
Home networks continue to be an emerging opportunity for MSPs that have the resources to offer their services to these types of distributed enterprises.
“Most people don’t have the cybersecurity skills or time to make their homes secure. With more and more people working from home, we are finding more willingness to pay an MSP to handle security. And some companies are demanding it,” Wise concludes.
Photo: santypan / Shutterstock