3 minute read
Setting up a Wireless Router Just like Home Leads to a Hacked City
By Mike Smith, Network Infrastructure Consultant, Sophicity: We put the IT in city
A city wanted wireless access for guests and employees. Easy, right? The city manager told a trusted non-technical employee to “make it happen.” Going to the nearest popular retail electronics store, the employee picked up a wireless router that seemed to do the trick. The wireless router box said it covers 12 devices, so the employee picked up two routers to cover the city’s 20 computers.
Advertisement
Back at city hall, the employee tinkered around until they set up both wireless routers—one on the first floor and another on the second floor. Following the instructions to set it up, the employee got it working. People could now hop on a wireless network with their laptops, smartphones, and tablets.
For a few weeks, employees enjoyed the perks of wireless. So easy! They didn’t even need their on-call IT vendor to help set it up. City council loved the internet access at meetings. Employees could now access their desktop and documents while meeting in a conference room. Guests could now access the internet. How wonderful.
One day, a representative from the state’s bureau of investigation informed the city of a data breach. An unknown person hacked into the city’s server using a stolen password and collected sensitive information about taxpayers. That information appeared on an online black market for sale. Not only must the city now inform taxpayers that they are at risk for identity theft but the city may also need to pay for identity theft protection services for hundreds of taxpayers.
This event hit the city administration like a bolt of lightning. They thought through the repercussions. Loss of citizen trust. Bad media exposure. Money lost. What caused the data breach? When they performed an IT audit to figure out what happened, the answer became obvious.
The city’s unsecured wireless router—the one their trusted employee set up “so easily.”
Preventing This Disaster
A recent study from Kaspersky Lab confirms that this situation is all too common. They estimate that about one in four Wi-Fi hotspots lack even the most basic security. We find that cities often don’t realize the gaping security holes their wireless routers pose.
Let’s look at the errors committed in our story.
Error #1: Buying a consumer-grade wireless router.
A city is not someone’s house. It’s a government entity that conducts important business, serves citizens, and carries out the law. You need business-class equipment that includes enterprise-level wireless routers. These kinds of routers are better equipped to handle the demands and complexity of your city. They will provide better coverage, security, and scalability as your city grows.
Error #2: Tasking a non-technical employee to configure the router.
No matter what the back of the box claims on the consumer-grade wireless router, you need an IT professional to configure this equipment. Just setting it up out of the box is not good enough and you risk leaving open gaping security holes. Configuration involves a complex array of settings that only IT professionals thoroughly understand. They will make sure your wireless router is set up securely (such as making sure you encrypt information) and restricts who can access your wireless network (such as from a “guest” network).
For example, we see too many instances of a Wi-Fi hotspot secured with a default administration password (such as “admin”). With such a weak password, even an amateur hacker can access your most sensitive city information.
Error #3: No ongoing monitoring and maintenance of the wireless router.
In our story, the city doesn’t use proactive IT support. If they depend on reactive IT support, then security breaches could take place and the city wouldn’t know for weeks or months. With proactive support, IT professionals will monitor your network environment and make sure it’s patched, secure, upgraded, and healthy.
Are your city’s wireless routers secured? They are one of the most common hacker targets because 25% of hotspots have pretty much zero security. Unfortunately, that 25% applies to cities.
If you haven’t assessed and addressed your wireless security, then it’s just a matter of time before you’re hit with a data breach.
Deal with this problem as soon as possible.
