NU Online News Service, June 14, 2:43 p.m. EDT
Schools, libraries, airports, hotels: most of these heavily trafficked venues now offer convenient Wi-Fi access to hundreds of employees and patrons, and unintentionally offer hackers potential access to scores of personal information.
However, your cozy local café could be the hottest spot for cyber-attacks on unsecured networks, says a Travelers executive.
There were 515 million records breached in theU.S.in 2010, reports the Privacy Rights Clearinghouse (PRC), and another study finds that the average data breach that year cost $7.2 million.
Small businesses may not carry that kind of weight in user data, but they also often overlook the risk-management methods that can stop cyber attacks in their tracks.
“Small businesses don’t have the resources to implement and operate sophisticated security procedures,” says Jason Glasgow, CyberRisk product manager for Travelers bond and financial products.
Criminals usually conduct their shady business by opening a portal through a server to access the Internet, says the risk specialist. If the portal lacks protective software, the criminal can access information about the company providing the connection, or can stay undetected within the network until an unsuspecting customer shares financial or personally identifiable information.
“The biggest expenses occur when companies unintentionally allow criminals access to patron information that is then used to commit identification fraud, and WiFi is just another avenue to get to that information,”Glasgow says. “Criminals can use an unsecure connection to conduct a cyber attack on the host or use it to attack other entities.”
The PRC says unencrypted networks, which don’t scramble user information as it is entered into the network, is prone to three major privacy threats: when a hacker intercepts a computer-router connection to collect and transfer data to his or her own computer; when the hacker uses a “sniffer” application to monitor and capture other’s logon details and credit card numbers; and old-fashioned over-the-shoulder snooping to eavesdrop login codes.
Businesses can provide WiFi safeguards by purchasing a secure network with an encryption service and regularly changing or rotating its password. Employees should monitor those receiving the network key by sharing it only with paying customers. A user agreement should always be posted on the sign-in page to limit the host’s liability.
Further safety suggestions from the PRC include abstaining from conducting sensitive transactions over unsecured Wi-Fi networks, or utilizing a Virtual Private Network (VPN) that encrypts information on all Wi-Fi networks, whether already encoded or not.
On occasion, certain sites and e-mail servers such as Gmail offer a separate secured connection. The simple trick to access the link is to add an “s” to the beginning of a domain name (https://).
Even the most stringent safety measures aren’t ironclad, so Travelers offers a suite of CyberRisk management liability products offering first- and third-party coverage for crisis management event expenses, security breach remediation expenses, data restoration, E-commerce extortion, and media liability, among other coverage options.