09 SEPTEMBER 2018 / GUIDES
How to make your public WiFi compliant and secure
The world today is becoming ever more connected. We rely on access to the internet more and more and most of us use a multitude of apps and programs to organise and enhance our lives.
This is why offering your guests WiFi has such positive benefits for your business. It creates a better experience for guests, lengthens the time they’ll stay with you and often increases how much they spend.
But, public WiFi can become a security risk if it’s not implemented correctly, even if it's secured by a password. This is why we’ve put the below guide together, so you can make sure you are protecting yourself, your business and your customers.
The legal issues you need to be aware of
The risk of a customer using your network to access illegal sites is less common but it’s still a very important scenario to protect yourself from. If a customer were to access sites ranging from terrorist groups to child pornography and you weren’t able to identify who they were – you could be prosecuted for this.
A multitude of laws and regulations set guidance around how a public network should be operated:
- Anti-Terrorism, Crime and Security Act 2001
- Regulation of Investigatory Powers Act 2000
- Digital Economy Act 2010
- GDPR rectal 49
It’s also a good idea to keep any guest traffic that you have using your network separate from your POS or other critical systems. That way it’s easily identifiable for guests and it also protects you by isolating network traffic in the case of malicious activity. How much would a day of POS downtime hurt your business?
Creating a safe environment
Unfortunately, cybercrime is an ongoing and serious threat – and it’s your duty as a business owner to take steps to protect not only your business but all those who engage with it.
Making sure your software can identify every user on the public network is one of the most important steps. This allows you to have the proper data saved and easily accessible if a customer were to request it or if it were needed in a criminal investigation. Beyond compliance, this also protects you from a liability standpoint.
This can be acheived by implementing a 'Captive Portal' system, which creates a prompt when guests initially connect to your network. This prompt can then be used to collect identifying information on guests, as well as storing basic session data. Once the information is provided, the guest is provided with internet access.
When your customers log into your public WiFi, the last thing you want them to worry about is whether or not their data is going to be safe and used correctly.
Instead, you want them to feel at ease that their data is being protected, only used for the purposes they have specifically consented to – and is being kept in line with all the required regulations.
Data protection is something we read more and more about these days, and you will be on the hook to make sure that you’re storing and using a customer’s data in the correct way. You’ll also need to be able to provide them with the data you are storing on them if they request it. These requirements all fall under the new GPDR regulations, which have strict penalties for any misuse of customer data.
It’s not just customers you will lose if your WiFi isn’t secure
These days, the penalties for not keeping your WiFi secure go far beyond losing the trust of your customers. If you don’t comply with the Data Protection Act (DPA) there could be serious consequences including:
- Fines of up to £500,000
- Possibly prosecution and prison sentences for deliberate breaches
- A specific and rigorous course of action to improve compliance and avoid further - action from the Information Commissioners Office (ICO)
If a customer were to sustain any losses from a lack of security within your network your liability insurance won’t cover this, meaning you will be liable for all damages.
Any one of the above penalties has the power to put your business under so a secure network isn’t just a choice – it’s a vital necessity.
Let us take care of the tricky bits
Whilst we’ve put this guide together to help you understand how your WiFi needs to comply with the law – the good news is that Beambox already puts into place everything we’ve mentioned above, giving you one less thing to worry about.
Through our plug and play device, we provide blanket compliance and as well as measurable ROI through a suite of GDPR compliant marketing tools.
Leaving you to get on with doing what you do best – giving your customers a truly excellent experience.