Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« Disposal of Computers | Main | Where And How Do You Dispose Of Your Computers, CDs, USB Drives, Etc.? »

More Wifi Security At Home Than At Work?

Last week I posted about how, while driving my sons into town for Noah to attend band camp, they found 100+ wifi hotspots, and only 12 of them were secured according to their macbook lock icons.

This was in a primarily business area, with lots of small to medium sized businesses along the road, strip mall type of shops, and a large shopping mall.

This week while driving my sons into a different part of town for Heath to attend

basketball camp, in a heavily populated residential area closer to downtown Des Moines, through low- to medium-income neighborhoods, with only a couple of businesses (such as gas stations and a small restaurant or two), my sons found 64 wifi hotspots, and only 4 were *UNSECURED*!

I find this very interesting. So, people have better wireless security in their homes than at their work...!?

This brought many different questions and thoughts to mind...

  • Are people, in general, more diligent about information security in their homes than most business are about security in the office?
  • Did the people in this part of town use the same company to set up their wifi service, and that company did an exceptional job of ensuring the wifi access was configured securely? And/or, did the company do an exceptional job of educating their customers of the need for wifi security?
  • Did the company setting up the businesses' wifi access last week, in the other part of town, fail in protecting their customers when they got installed their wifi?
  • Has the wifi in the businesses been around longer, and implemented before security was as much of a concern, and the homes just recently got wifi installed, and people are more security savvy now?
  • Heath's (8 yrs old) theory, "Maybe the people who have it in their homes are all afraid their neighbors will steal their Internet connection so they wouldn't have to pay! And maybe the businesses just don't care."
  • Noah's (11 yrs old) theory (asked separately from Heath), "Well, people know they have a lot of other people living around them, and they don't want them stealing something that THEY paid for. But, businesses are out in the open, and they don't think about security or worry about someone getting on their network when they are more out in the open."

I think Heath and Noah hit it on the head.

What do you think?

If I had the time and resources, it would be very interesting to do thorough research throughout all parts of the metro area to see where wifi security appears to be best, and where it seems to be most lax, and then compare the demographics...

Tags:                
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on June 27, 2008 8:10 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/750

Comments

Some of those non-residential networks (the ones that appeared to be governmental, for instance) probably should have been secured, but others could well have been the type you used at IHOP -- deliberately left unsecured for use by customers for free or with a subscription. While better wireless security (and education!) is doubtless in order, perhaps your informal survey doesn't entirely demonstrate the level needed. :)

Posted by: iaman | June 28, 2008 2:07 PM

iaman, thanks for your message, and yes, you have a good point.

My observations were completely non-scientific and ad-hoc. In addition to the IHOP network a couple of other wifi points were for a telecommunications store and another restaurant. It is interesting to note that Starbucks had 2 wireless networks which were both secured. However, that said, what worried me was the large number of professional offices (accountants, lawyers, insurance, etc.) as compared to the retail and restaurant businesses in the area where we were driving, along with the government offices.

Some day it would be quite interesting to do a scientific and formal review of the entire metro area!

Posted by: Rebecca | June 30, 2008 9:16 AM

Simple. It is far easier to secure a home device than one at work. Shared keys, for example, are trivial to manage in your own home.

Lines of responsibility and delegation are clear when you are master of your own domain. This is true in terms of everything from key rotation to handling equipment compatibility.

On the other hand wifi is nearly impossible to manage at work if you are not a security specialist who has been openly tasked with creating a solution.

It is much easier for most businesses to run without wifi security than with it, especially when the risk of a breach is more likely to cause external (customer) rather than internal harm.

Another point to consider is that businesses are outward focused by design. Homes are not so open to guests and even neighbors in general terms, so I would always presume a business environment to be more open than residential areas. It's a cultural distinction.

Posted by: Davi Ottenheimer | June 30, 2008 2:58 PM

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.