Connecting to the internet in public spaces is second nature to most of us. Whether it’s in stores, restaurants, shopping centres, or even railway stations, we take to our mobile devices to compare prices, share our latest purchases via social media, find promotions, or just to pass the time.
The challenge that tends to confront us, of course, is which Wi-Fi network we’ll be able to access with greatest ease. Our phones instantly show us the choice of available networks, and research shows that more people are prioritising speed over safety, with more than 70% of people ranking connection speed a higher priority than the security of the connection.
Security experts recently reported that two thirds of people don’t know if the public Wi-Fi they are using is secure or not, despite 80% understanding the dangers of sharing private data over unsecured networks. But in the event that data from a phone is compromised, how many organisations would genuinely accept responsibility for the breach?
The reality is that the public Wi-Fi provider – be it retailer, hotelier, restauranteur, etc. – is the de facto internet security guard and will inevitably assume the role of villain if anything goes wrong while people are using their network to get connected.
Unfortunately, many of these organisations simply do not have sufficient security measures in place, leaving the public exposed to the possibility of device infection, data theft, unauthorised data sharing, or even financial loss.
Wi-Fi education is vital
Furthermore, those that do have adequate security and compliance measures in place don’t always do enough to promote safe public Wi-Fi usage to their customers. Even if a customer unwittingly compromises their own data, the owner of the Wi-Fi network may still be blamed for the incident.
High street brands offering Wi-Fi need to better promote secure usage to their customers. Having the capacity to provide guests with it is important, but without appropriate security measures in place, businesses may inversely harm their reputation, brand recognition, and, ultimately, revenue.
End users need clear instructions on how to log on to the secured Wi-Fi network, and once online, they need to be notified about how aggregated and personal data will be handled and stored. In the case of personal data, customers should be informed about the type of data collected, how it will be used and with whom will it be shared, and where and for how long this data will be stored.
With regards to device tracking, Wi-Fi providers that have agreed to the Future of Privacy Forum’s Mobile Location Analytics Code of Conduct will honour requests from consumers wanting to opt-out of having their location linked to their mobile device.
Equally, public Wi-Fi providers must ensure they are doing all they can to keep their public Wi-Fi secure from being compromised. Creating encrypted passwords and verifying forgotten log-ins ensure only legitimate users can access the network.
Public Wi-Fi providers can also include an idle timeout, logging the user out if their device has been left unused for a certain amount of time. And since the majority of cyber-attacks are the result of uneducated end-user choices, companies should take advantage of apps or the login portal to highlight security dos and don’ts to customers.
Ultimately, businesses need to maintain their credibility by disclosing as much information to their customers as possible. Providing secure guest Wi-Fi is only one aspect of the solution, and brands offering it have a responsibility to help educate their customers on how to use public Wi-Fi sensibly and securely.
Jeff Abramowitz is president of Cloud4Wi and previously founded cloud network management firm PowerCloud.