Public WiFi Security: How not to Get Sued as a Public WiFi Provider?

It’s not easy having your own business. When you are working for yourself, you always have your boss living in your head, criticising you for not working harder, or smarter, or faster, or leaving more time for yourself. If on top of that you are working in the hospitality industry it wouldn’t be strange if you sometimes feel like you are in prison, with you being the sole inmate and all the patrons being the guards.

If you have the misfortune of fulfilling your life’s dream and opening a bar or a coffee shop, you will learn that your customers expect that you have a WiFi connection. You might try to pull a stunt about forcing customers to ‘’talk to each other” but that will grow old really fast, and you don’t want to be losing business. You want a good, stable connection, that will keep the guy in the corner chugging lattes while he works on his latest scrip, and the group of college seniors taking pictures of cocktails that they are barely old enough to buy. But, if you are not careful, making your public WiFi connection unsafe can hurt you as much as it can damage your customers. If your public WiFi hotspot gets hacked in any way that will hurt people that are connecting to it, you are open for a lawsuit.

Although with court rulings from 2009 you should be safe in the long run, or if you were hacked even with preventative measures, just having a court date and dealing with a lawyer can take so much time and money that you will wonder was the whole ordeal worth it.

Not everything is lost, as protecting your WiFi hotspot is now easier than ever. Professional VPN providers like Le VPN have even made VPN routers that will give protection to your customers without them even knowing. But, you will need to understand that all the measures you are taking at home to safeguard your own data, these should be even better where you work, as there are much more people coming through the door, and you never know which one of them is someone who plans on ruining your business. Take Public WiFi Security seriously, if not for the sake of being a good host, then for the sake of not getting sued.

Public WiFi Security vs. Private WiFi Security

In all actuality, there is no difference between the WiFi you have at home and the one that you are connecting to at Starbucks. Usually, there will be a password or some other authentication process, but the final result should be that everyone who is invited can access the networks and surf without restrictions.

The difference is that you know, or at least think you know, everyone that has your home WiFi password. If you own a bar, you will know the back story of a few regulars, but most people that are coming in will be strangers, and you will not know their intent. If there is a lot of people frequenting your bar, there is a significant possibility that some of them will try to take over your network as to access information that is on the devices of other people.

And the worst thing is, you will give them the password. That witty reference or innuendo that you were thinking so hard of and laughing to yourself about has now become the agent of your demise. If anyone realizes that they have been hacked, you are the first person they will blame. Now, you can try to explain to them that they should be using a VPN at all times, and especially when using public WiFi, but sadly cybersecurity has yet to become a subject of life advice, capable of being given by barkeeps.

How Safe is Public WiFi?

Not at all. This doesn’t mean that you shouldn’t use it, but you should know that by the sheer rule of large numbers you are bound to be in a proximity of a hacker at some point, especially if you frequent the same place as thousands of other people. In small exclusive cafés those chances are lower, and in Starbucks and McDonald’s they are bigger, but they are always there. Hacks will always focus on the most populated areas, not because they are less safe than those with fewer people, but because more people are trying to hack them.

And that is if you trust the person owning the hotspot. In more cases than not, these hotspots serve as data collectors for corporations providing the connection. For example, Starbucks offers their WiFi over AT&T network in the US, and now they require your full name, your email, and your ZIP code. For most privacy-focused people this is too much, as this data could be used for an incredible amount of malicious actions, one of them being identity theft.

Whichever public WiFi you are using, you should always have a premium VPN installed on all of your devices, your OS upgraded to the latest possible version, and a good anti-virus. There was an issue last year with hotspots being used to hack iPhones, which is not strange as these were some very popular hotspots, and iOS is one of the most popular mobile platforms.

Public WiFi Security vs. Business WiFi Security

While in theory, the business WiFi that you are using at work should be at least as safe as your connection at home, this is not always the case, especially with larger companies. To paraphrase the Roman poet Juvenal: ‘’Who will guard us from the guardians?’’

Large corporations start their data collecting at home, meaning that they have little issue in collecting metadata, and even actual data, from their employees. If you are accessing your personal information at work, you should be using a VPN and good anti-spyware software on top of that. Unless it is a small, family company, it is much better to be safe and sorry, and there is no need whatsoever to give to your employer more than you are obligated by contract.

Now, if you are the proprietor of the business, that is a whole different story. This way you can make your business WiFi safe with a multitude of firewalls, anti-viruses, anti-malware, and even a VPN router that will ensure the public WiFi security at your business. While you will have the option of doing the same wicked things the big corporations are doing, this will only lead you to being sued. And, unlike the big boys, you don’t have an army of corporate lawyers at your disposal.

How to protect yourself?

Your cybersecurity should not be regulated by your routine, as most security measures are done in advance and don’t use any time or energy, and you never know if and when you might be at risk. If you are mindful of privacy and security, you will think about public WiFi security as well. Most premium VPN providers, including Le VPN, have a hotspot app that can be installed on all mobile devices and that can protect your phone, tablet, or laptop even when you are at the most insecure place imaginable. Aside from a VPN connection, there is a large variety of other software that is there to make you safe.

Most people will think of anti-virus as the essential thing protecting you aside from the VPN connection, but that title should go to anti-spyware software. Hackers, governments, corporations, and other malicious entities are not interested in destroying your system anymore. They are much more interested in collecting your data and filling your devices with cookies, spyware, and ads.

Protecting Your Home

Your home should be a safe haven where you can relax and not think about the rest of the world. This includes not thinking about some Russian teenager trying to steal your identity as to buy CS: GO boxes with your credit card.

While cybersecurity in the last decade was relatively straightforward as the only devices connecting to the internet were your PC and your smartphone, with the introduction of the Internet of things (IoT) you will have a lot more devices to protect, meaning a lot more to connect over a VPN. This is where the VPN router comes up. Most devices will connect to the internet using your home WiFi, and with a VPN router, they can all be protected even if they have an incompatible operating system.

Premium VPN providers such as Le VPN will give you up to five simultaneous connections with a single subscription, meaning that all of your phones, tablets, laptops, PCs and other UI devices can be connected at all times, without extra charges. In these cases, you will want to keep the VPN on, at all times, in all occasions.

Some people still have the misconception that a VPN app will drain their battery, but this is untrue, as the VPN app only works while you are communicating with the internet, and that is precisely when you want it working.

Protecting Your Business with a VPN router

Protecting your business is slightly trickier, as this will include both the protection of your own public hotspot from a larger number of people, not all of them trustworthy, as well as the protection of your patrons, who might not be mindful about their cybersecurity.

The best way to go about this is to use a VPN router, and then to supervise that router with a local PC that will check if there are any problems with the WiFi. While this sounds like an oversimplification, there will probably be a PC somewhere in the bar, either to play music or to engage with social media, and that same device can be used as a safety monitoring device.

If you are using a VPN router, there is actually little to be hacked, as all of the devices will be connecting through a VPN tunnel, and unless you are being hacked by whoever assembled Mark Zuckerberg, you should be safe.

How are Public WiFi Connections Getting Hacked?

Those of us with low numbers on our birth certificates will remember the 1995 movie ‘’Hackers’’ with a young Angelina Jolie looking like an uncomfortably pretty Mr. Spock. That is the movie that started the misconception that hacking has all to do with banging quickly on the keyboard and nothing with actually asking some poor IT intern for the password by pretending that you are their boss over the phone.

While an experienced hacker could break a WPA2 encryption in about two hours, even a total novice can get a password at a bar by ordering a drink, and this is where most hacking happens, as owners are not protecting the router once there is a connection, which is a relatively simple process. In these cases, the most usual is the ‘’Man In the Middle’’ attack, or MITM, where the hacker will intercede between the router and other users, and collect any data that they access over their devices.

If there is a VPN router, this type of attack is rendered useless as even if there is collected information, it will be encrypted beyond recognition, with only the VPN server and the user’s device being able to read it. Additionally, unlike a regular router, you will not be able to access the routers settings unless connected via Ethernet.

There were instances where hackers pretended that they were tech-support and tried to get cable access to the router, but if you are the owner and you know that you haven’t called anyone, you will not let unknown people temper with your gear.

There are several other reasons why hackers were commandeering public WiFi access, and all of these were reasons for a lawsuit.

Top Reasons for a public Wifi hack:

1. Illegitimate Cryptocurrency Mining

While this issue was the one that forced Starbucks to reconsider their cybersecurity policies in the US, the first recorded instance of someone hacking devices of Starbucks guests to mine for BitCoin was in Buenos Aires, Argentina.

While the hacker probably had some assistance from the inside, they were able to write a malware program that usurped the system of the patron for several seconds and used their system to mine for cryptocurrency for the hacker. As Starbucks has hundreds of people connecting to each venue every day, this was able to externalize all the costs of the hacker mining, while giving them a small profit.

This is not the smartest reason to hack a hotspot, as the hacker was made, but the repercussions were taken by Starbucks, who endured both public shaming and what was probably a considerable amount of money in settlements.

2. Information Theft

MITM attacks are usually made to steal information from established hotspots, but there is an even more significant issue with malicious entities setting up ‘’fake hotspots” that are exclusively used to mine for personal information. The term fake is used here as the hotspot was set up under false pretenses, but there is little difference between these hotspots and normal ones.

As previously mentioned, you can use your own hotspot to mine data from people connecting to it, but this is highly illegal. What hackers were doing was going near places like Starbucks, or even public institutions, and opening free WiFi hotspots that were called the same as the official connection. People were connecting to those while thinking that the company is reliable, but they were, in fact, being victims of ‘’fake hotspots”.

Solution for a Public Wifi Security: Placing a VPN Router

By current US federal law, pushed mostly by Starbucks and McDonald’s, you will not be liable if one of your patrons is hacked using your public WiFi. The caveat here is if you have done enough to prevent the malicious attack and have not known about it happening.

Large corporations have the time and budgets to fight these claims and to prove that they have good security. If you are a small business owner that wants to protect your customers, you will need actually to defend them on the ‘’front lines”.

To protect yourself both in the sense of public WiFi security and legal security, there are three steps to take.

1. Install a VPN router

This will deter most hackers, as well as protect your patrons from all other forms of malicious entities on the internet. This is a very simple and a relatively cheap device to have, and it will save you from a lot of headaches trying to install a VPN on your regular router.

2. Create a monitoring PC

Connect an average PC to the VPN router via the Ethernet cable and let it monitor the connection. If you see different spikes, breaches, and suspicious behavior, look around to see if there might be someone trying to mess with your hotspot. If there is, you will need to kick that person out and change your password, as is your right.

3. Change the password regularly

Once a week should be enough. If you are good at making references and innuendos than this could be a fun part of your cybersecurity experience, and if not you can always make your password the names of the drinks you are serving. This will be the same reason why you should shuffle passwords on all other places, as to ensure that all of the people who want constant access would need to ask regularly. While this will help more to prevent the moochers than to prevent any severe hacks, in combination with all of the others, it’s an excellent move.

Conclusion

Finally, if you are as cautious about your business WiFi and public WiFi security as you are with your home security, you will be safe from both the hackers and the law. The important thing is to stop thinking about the hotspot that you provide as an unimportant, secondary service, as in the interconnected world your customer will expect to be both connected and protected while they are your patrons.

Give your customers a pleasant, relaxing, and safe environment to enjoy their drinks or food, and they will reward you by becoming regulars and keeping your business profitable for many years to come.

*Article Updated On March 20th, 2019.*