Public WiFi is dangerous — and if it’s not set up correctly, the WiFi in your office can be just as bad, according to Firma ITSS founder Rodney Gullatte Jr.
Gullatte, who is a certified ethical hacker, talked to the Business Journal about the ways businesses are putting their information and systems at risk by taking shortcuts with WiFi.
“People are walking into Starbucks, for example, and connecting to [a WiFi network called] ‘Google Starbucks,’” he said. “That’s all well and good until you’ve got that guy or girl in there drinking coffee with their laptop and a WiFi hotspot that’s also broadcasting ‘Google Starbucks.’ You don’t know which one to connect to — you just want to get work done — so you connect to the wrong one. Now you’re connected to somebody else’s hot spot and they’re able to find out all kinds of things about you through packet sniffing.”
Packet sniffers, Gullatte said, are hacker tools that can capture data packets on your network and reassemble them, giving cybercriminals access to your usernames, passwords, websites you’ve logged in to, files you’re opening — and the ability to make copies of all your data as it moves across your network.
“There’s a right way and a wrong way to set up public WiFi,” Gullatte said. “I’ve been in some places where I get on the public WiFi and I see other people on the network. That’s a poorly-configured public WiFi, and there’s a lot of them like that. And there’s people on those public WiFis waiting for you to connect, because they know it’s poorly configured, and they’ll go through and try to hack all those computers that are on that public WiFi. You’re going to be wide open to those attacks.”
When you’re on the road or working from a coffee shop, conference center or hotel, connect to the wireless hotspot on your cell phone instead of public WiFi.
An alternative is to have your IT support company build a VPN server in your office so you can connect using public WiFi while still keeping your information safe.
Another task to give your IT support company, he said, is to get your office WiFi configured correctly so that your business transactions and data traffic are kept completely separate from the WiFi you offer your guests.
And change the password on your business modem, Gullatte urges.
Too many businesses leave the default username and password on their cable modems — details that are commonly known to hackers and available on Google to everyone else.
“Type those and they’ll let you right in…” he said. “[N]ow I can control your network from off site. So you have to change the defaults. Business owners don’t do that. They set it up: ‘All right, it works, I’m ready to go.’ That’s not good enough.”
For more advice on simple ways to protect your business from cyber attacks, pick up the May 18 edition of the Business Journal.