Archive for the ‘Best practices’ Category

Attention Retail Marketers: In-Store Shoppers are Changing. Are You?

May 16th, 2013

To say that mobile technology is impacting brick-and-mortar retail is akin to proclaiming at the turn of the last century that the motorcar just might change the horse-drawn carriage business. Shoppers today are empowered by technology to gain the advantage at every turn, whether it’s using a smartphone to find the best price for the same product online, locate out-of-stock sizes or colors in the store next door, or learn what their friends or other customers had to say about a product before they buy.

Retailers have two choices.

They can pretend this isn’t happening and actively try to discourage these new consumer behaviors, like not offering in-store Wi-Fi for fear of increased showrooming (see Free Wi-Fi is a Win-Win for Retail Marketers and Customers ). Or, they can listen to their customers and do everything in their power to meet their changing needs and expectations.

 

So what do these empowered consumers want?

According to the recent IBM study, From Transactions to Relationships: connecting with a transitioning shopper, what they want is a personalized in-store experience that not only mirrors the experience they get with online shopping, but is seamlessly integrated with their on- and offline shopping habits, preferences and history.

 

“Consumers are increasingly gravitating toward shopping experiences that allow them to be served according to their individual preferences,” states the report written by Kali Klena and Jill Puleri.

 

They then go on to outline the three key factors that retailers must address in order to capitalize on the changing behavior of the transitional consumer:

1.   Store dominance decreases in an omnichannel world

“The long-standing center of retail commerce, the brick and mortar store, is rapidly losing its appeal as customers turn to convenient online channels for their purchases.” This is not to say that the physical store will soon be going the way of the horse and buggy. While e-commerce is a legitimate threat to physical retail, it still represents only a tiny fraction of the overall retail market — 5.4% of total revenue to be exact.

No, the real threat to brick and mortar is decreasing customer loyalty in a world rich with choices, literally at the consumers’ fingertips. According to the IBM study, while 84 percent of respondents made their most recent non-grocery purchase in-store, only 56 percent said they were sure to return to the store for their next purchase.

 

2.   The impact of showrooming

Showroomers—those who use mobile devices in-store to research and often purchase lower-priced items online—may be a small (but growing) segment of the consumer population, according to the IBM study, but they have a grievous impact on in-store revenue. Showroomers made nearly half of all online purchases in the retail categories covered by the IBM study. Most chilling: twenty-five percent said they initially planned to buy in-store, and 65 percent plan to buy online for their next purchase.

[Figure 4 from the IBM retail report: showrooming]

 

3.   Consumers desire more meaningful retail connection points

In this burgeoning world of location tracking, web, retail and social Wi-Fi analytics, one might think that consumers would be overly sensitive to a loss of privacy. On the contrary, they want retailers to know even more about them and their buying preferences. In fact, the IBM study states that

“the majority of shoppers were willing to contribute 20 minutes on average to help a retailer better understand their desires in order to provide them with more meaningful offers based on their past purchases.”

The key is to make sure you are using the data you collect to treat customers like individuals, not as a market segment, by providing personalized offers, tips and information.

 

What to do about it

The IBM study provides many more insights and next steps for retailers, and we highly recommend you read it. One tip that we at AirTight Networks agree with wholeheartedly:

“Technology will play a key role in helping retailers use this trend to boost loyalty and sales. As retailers start to offer customers free Wi-Fi access in their stores, they will have the opportunity to engage with customers while they are browsing the displays, by branding their Wi-Fi to drive shoppers to their own websites and services. And if customers give permission for their location to be tracked via their smartphone as they sign on to the Wi-Fi network, retailers can use analytics to make sense of this data and provide shoppers with personalized deals to drive conversion.”

Parting Thought

If you’re still worried about embracing the very technology that is threatening your business, I leave you with the story of William Durant, co-founder of General Motors and Chevrolet. Initially, he was highly skeptical of the gas-powered “horseless carriage,” thinking them so dangerous he wouldn’t allow his daughter to ride in one. He wasn’t alone. By 1900, there was an enormous public outcry for safety regulations. Rather than wait for the government to intercede, Durant embarked on a mission to build the safer machines consumers were demanding. He succeeded by listening to transitioning consumer expectations and embracing technical innovation head on. (For the record, prior to the revolution he helped bring about, his Durant-Dort Carriage company was the leading producer of horse-drawn buggies in the world.)

 


Best practices, smartphones, WiFi Access, Wireless security

Free Wi-Fi is a Win-Win for Retail Marketers and Customers

May 9th, 2013

Retailers have long battled the dual pressures of online shopping and congested marketing channels just to get people to walk through their door. Now showrooming has moved the war inside the store, as a fragile economy combined with the ubiquity of mobile devices has created a savvy new breed of consumers who use their smartphones and tablets to research products and prices while they browse the aisles. It’s like having scores of invisible competitors whispering in the ears of your hard-won customers.

Fortunately, there’s a way to fight back, gain control of the conversation, and provide a deeper, more meaningful relationship with your customers, all while providing them with a service they’ve been asking for: free in-store Wi-Fi.

Your customers want free Wi-Fi

Recent research from Yankee Group finds that ninety-six percent of customers prefer locations that offer free Wi-Fi and return to stores that offer it. Seventy-eight percent of shoppers would access Wi-Fi if it were offered in-store. That alone should be reason enough to consider installing in-store Wi-Fi. However, while most retailers have put in the blood, sweat and tears necessary to make sure their online presence is as good, if not better, than their ecommerce-only competitors, many have neglected the potential digital footprint of their brick-and-mortar stores:

 

        • 26% of retailers do not have any wireless network
        • 26% only have wireless available for receiving and other inventory-related tasks
        • 29% have wireless connectivity throughout the store, but only for performance, POS, and other product-related operations
        • Only 19% provide wireless connectivity for customers

 

According to Retail Systems Research, “the lack of a wireless infrastructure on the selling floor…is the single biggest inhibitor to improving the in-store experience.”

Free Wi-Fi is more than access. It’s Permission to Engage

While it is true that customers with mobile devices can access the Internet through their mobile carrier data connection, thirty-seven percent of respondents to a recent Deloitte study reported problems accessing the Internet while in a store. In this “always on” world of instant connectivity to information and people, no access or spotty connectivity could actually be driving people out of your establishment. Offering free high-speed access not only provides a richer mobile experience – and goodwill toward your brand – it enables a valuable means by which you can further engage your shoppers. According to an OnDeviceResearch survey, 74% of respondents would be happy for a retailer to send a text or email with promotions while they’re using in-store Wi-Fi.

By being the digital intermediary between your customers and their in-store search behavior, you’re now in a position (and have their permission via your Wi-Fi service opt-in agreement) to engage in the conversation and offer price matching, access to expanded product offerings or personalized shopping lists. These personalized services not only help provide a seamless and customized brand experience that encourages consumers to stay longer or purchase more, but also provide invaluable information about their in-store and digital shopping habits.

Wi-Fi Brings Online-style Analytics to Brick-and-Mortar

According to Deloitte, 80% of consumers step in and out of the average retail establishment without making a purchase.

[Infographic: Retail Motion]

Since consumer-behavior data is typically collected at the point of sale (POS), you are basically blind to the interests, influencers and behaviors of an overwhelming majority of your in-store foot traffic.

Wi-Fi changes the equation by providing brick-and-mortar retailers with the type of deep analytics we’re accustomed to with our web and social media presence, including traffic flows, dwell time, mobile platform usage, web destinations and products researched. Access to real-time metrics enables retailers to better understand a large swath of their customers’ behavior – whether they’re buying or not.  Data collected can be used for anything from changing signage, product displays or traffic patterns, to providing personalized promotions or offers to individual shoppers.

Reasons Why Retail Leaders Use In-Store Wi-Fi

[Figure: Reasons Why Retail Leaders Use In-Store Wi-Fi (source: RSR Research)]

The Bottom Line

Your customers are going to use their mobile devices to comparison shop in your store. Providing free Wi-Fi enables you to insert yourself into the conversation they’re having with your competitors. Analytics can give you unprecedented visibility into in-store behavior – both physically and digitally – which you can then use to create more value for your customers and brand loyalty for yourself. Consumers benefit by getting what they asked for – free, high quality Internet access – along with customized offers and an integrated, personalized experience across all of your channels. That’s a win-win if I ever heard one.   

802.11n, Best practices, PCI, WiFi Access, Wireless security

The WiSE Article Series on CWNP

May 8th, 2013

CWNP (Certified Wireless Networking Professional) is widely recognized as the IT industry standard for vendor neutral enterprise Wi-Fi certification and training. CWNP publishes videos, white papers, blogs, and other materials that assist the networker in learning Wi-Fi technologies and preparing for CWNP certification exams. The WiSE article series is one of these CWNP thought leadership content initiatives.

About the WiSE Article Series:

Wireless is inherently complex; its study spans at least two engineering disciplines: Electrical Engineering and Computer Science. Add to this the nuances of various standards, vendor implementations, RF environments, and protocol interactions, and it is not uncommon to feel a little lost in understanding the various aspects of Wi-Fi network operation. In this series of short articles, we explain various Wi-Fi subtleties, to work toward a better understanding of Wi-Fi network deployments.

The WiSE article series editor is Tom Carpenter and the first 5 WiSE articles feature AirTight Networks wireless subject matter experts as CWNP guest bloggers.

1) Wi-Fi Throughput Algebra – Simplified

Author: Bhaskaran Raman, Ph.D.

In this first article in a multi-part WiSE Article Series, Bhaskaran Raman explains the formulas you can use to estimate throughput on WLANs. This article simplifies Wi-Fi throughput algebra, to give a rule of thumb for what throughput to expect when taking into account at least the first order factors which affect all environments and tests. Read WiSE article 1

2) Wi-Fi Subtleties Explained (Parameters that Matter)

Author: Bhaskaran Raman, Ph.D.

This second article talks about parameters that impact Wi-Fi throughput. You may be surprised to learn that it’s not all about the lower layers (Physical and Data Link), but the TCP communications have a significant impact as well. Read WiSE article 2

3) Wi-Fi Subtleties Explained (Channel Bonding)

Author: Bhaskaran Raman, Ph.D.

In this third installment of the WiSE article series from AirTight Networks, channel bonding is considered. Some surprising results will cause you to rethink your network design plans and possibly how you will implement newer 802.11 technologies. Read WiSE article 3

4) Wi-Fi Subtleties Explained (Quality of Service [QoS] Controls)

Author: Hemant Chaskar, Ph.D.

Quality of Service (QoS) is another aspect of the network performance that is relevant for applications such as VoIP over Wi-Fi. In this context, QoS is provided by prioritizing the packets belonging to specific applications such as VoIP over others so that they encounter minimal latency in transit. It takes three different sections of the data path to use three different techniques for the end-to-end handling of wireless QoS-sensitive packets, as discussed below. The idea of this article is not to provide an overview of standard Wi-Fi QoS mechanisms such as WMM, but to point out some subtleties in using them in the network. Read WiSE article 4

5) Interference from Non-WiFi Sources, Part 1

Author: Bhaskaran Raman, Ph.D.

RF interference is an important concern in Wi-Fi networks. Such interference can come from two types of sources: Wi-Fi or non-Wi-Fi. In this and the follow up article, the focus is on subtleties pertaining to non-Wi-Fi interference sources. Read WiSE article 5 – part I

Full list of CWNP WiSE articles

Check back often as new articles are published on a regular basis.

About the AirTight WiSE authors:

Bhaskaran Raman is a scientist at AirTight Networks, working on high performance Wi-Fi architecture. Bhaskar received his M.S. and Ph.D. in Computer Science from the University of California, Berkeley, in 1999 and 2002 respectively, and his B.Tech in CSE from IIT Madras, India in May 1997. He was a faculty member in the CSE department at IIT Kanpur from 2003-07. Since July 2007, he has been a professor at the CSE department at IIT Bombay. His research interests and expertise are in wireless and mobile communication networks. Bhaskar was a recipient of the IBM Faculty Award in the year 2008. He has published research papers in various IEEE and ACM conferences and journals, and is on the editorial board of ACM Computer Communication Review.

Hemant Chaskar is VP for Technology and Innovation at AirTight Networks. In this role, he looks after AirTight’s technology R&D and also performs roles in product design, business development, and various customer facing activities. At AirTight, Hemant has been working on Wi-Fi networking and security for the past 8 years, and has held positions at Nokia Research and Lucent Technologies prior to that. He holds a Ph.D. in Electrical Engineering from the University of Illinois at Urbana-Champaign.

 


802.11ac, 802.11n, Best practices, Wireless scanning, Wireless security, WLAN networks, WLAN planning

BOM Math for Secure Wi-Fi Deployments

May 1st, 2013

By Hemant Chaskar

The building of the bill of materials (BOM) is an important factor in the Wi-Fi project plan. The cost of APs and the cost of other components in the Wi-Fi architecture contribute to the overall BOM. There are two types of large Wi-Fi deployments that we often see: distributed and dense. Examples of the distributed deployment are clinics, insurance offices, bank branches, retail stores, hospitality providers, etc. The number of sites in the distributed Wi-Fi can run into 100’s, 1000’s, or as in the case of some of our retail customers even 10,000’s. Dense deployments are typical of campus environments in which there are a few campuses – each with a large number of APs. There could be 100’s or 1000’s of APs that may be required to cover a few campuses.

To compare and contrast BOM for different types of AP platforms for large distributed or dense deployments, we can think of these deployments in units of sections. For the distributed deployment with a number of sites and a few APs per site, the section can be a site such as an insurance office, bank branch, retail store, etc. For the dense AP deployment, the section can be a floor of a multi-storied facility, part of the floor (e.g., East, West, North, South sections of the floor plan), etc. For each such section, one can compute the number of APs which can be deployed in each section to stay within the overall Wi-Fi budget (the budget also has to account for the cost of Ethernet drops required for APs). For an apples-to-apples comparison, let us say that the customer can negotiate the same street price for different types of APs. The tables below show how much functionality can be achieved with a given number of APs, in each section, and for different types of APs. Conversely, one can also think of it as how many APs per section are required to achieve certain functionality within each section.

 

1) Dual radio APs without support for dedicated scanning radios (where only background scanning is supported)

| Dual Radio APs per Section | Traffic Radios | WIPS Radios for Dual-band Scanning | Limitations |
|---|---|---|---|
| 1 | 2 | 0 | Minimal security with background scanning only. Unable to detect and contain many types of vulnerabilities and attacks. VoIP radios cannot use background scanning so if you operate VoIP in say 5 GHz, even the minimal security protection is not obtained in the 5 GHz band. |
| 2 | 4 | 0 | Same limitations as above. |
| 3 | 6 | 0 | Same limitations as above. |

2) Band-locked dual radio APs which can be either AP on both radios or WIPS sensor on both radios

| Dual Radio APs per Section | Traffic Radios | WIPS Radios for Dual-band Scanning | Limitations |
|---|---|---|---|
| 1 | 2 | 0 | Insecure |
| 2 | 2 | 2 | Full 2-radio device dedicated to WIPS is BOM inefficient. |
| 3 | 4 | 2 | Full 2-radio device dedicated to WIPS is BOM inefficient. |

3) Band-unlocked dual radio APs with per-radio AP or per-radio dual band WIPS sensor configuration option

| Dual Radio APs per Section | Traffic Radios | WIPS Radios for Dual-band Scanning | Functionality Benefits over 2) | Functionality Benefits over 1) |
|---|---|---|---|---|
| 1 | 1 | 1 | Secure | VoIP + Full WIPS security |
| 2 | 3 | 1 | 50% more traffic capacity + full WIPS | VoIP + Full WIPS security |
| 3 | 5 | 1 | 25% more traffic capacity + full WIPS | VoIP + Full WIPS security |


Clearly, for secure Wi-Fi deployments, the dual radio AP platform with each radio independently software configurable as AP or as dual-band WIPS sensor gives maximum value for the given BOM in terms of both traffic capacity and security. This mode of operation is only possible with specialized AP platforms with band-unlocked radios. Let me elaborate below on what it means for the radios to be band-locked versus band-unlocked.

 

Dual radio APs with band-locked radios: Most dual radio enterprise APs are dual band, dual concurrent, but have band-locked radios. What it means is that one radio is configured for 2.4 GHz operation and the other for 5 GHz operation at boot time. So, once one of the radios is configured as AP in one band (say 2.4 GHz band), the other radio cannot scan channels in the 2.4 GHz band for WIPS functionality. The other radio can only scan 5 GHz channels as it is band locked to 5 GHz. As a result, these AP platforms cannot support the most efficient option 3) described above and it is then required to dedicate one full dual radio device for WIPS with one radio scanning 2.4 GHz channels and the other scanning 5 GHz channels for security monitoring (i.e., degrade to BOM inefficient option 2) described above).

Dual radio APs with band-unlocked radios: Some differentiated dual radio AP platforms such as AirTight APs allow each radio to be independently software configurable as AP or as dual-band WIPS sensor.  So when one radio is configured in one band as AP (say 2.4 GHz band), the other radio can still scan both 2.4 GHz and 5 GHz bands. It takes RF expertise to design such APs. Such APs can support all of the above three deployment options, and in particular, uniquely support the most efficient option 3) described above.
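The radio counts behind the three platform tables, written out as an added example (not code from the original post or from AirTight) and extended past the three rows shown to any number of APs per section. It assumes, as the tables do for up to three APs, that a section needs one dual-band scanning function regardless of its size; all function names are hypothetical.

```python
"""Added example: radios per section for the three dual radio AP platform types."""
from dataclasses import dataclass
from math import ceil

RADIOS_PER_AP = 2  # every platform in the comparison is a dual radio AP


@dataclass(frozen=True)
class SectionPlan:
    aps: int             # dual radio APs deployed in the section
    traffic_radios: int  # radios serving client traffic
    wips_radios: int     # radios dedicated to dual-band WIPS scanning


def background_scan_only(aps: int) -> SectionPlan:
    """Option 1: every radio serves traffic, so no dedicated WIPS radio exists."""
    return SectionPlan(aps, RADIOS_PER_AP * aps, 0)


def band_locked(aps: int) -> SectionPlan:
    """Option 2: each radio is tied to one band, so dual-band WIPS costs a whole AP."""
    if aps < 2:
        # A lone AP has to serve traffic, leaving nothing to scan (the "Insecure" row).
        return SectionPlan(aps, RADIOS_PER_AP * aps, 0)
    return SectionPlan(aps, RADIOS_PER_AP * (aps - 1), RADIOS_PER_AP)


def band_unlocked(aps: int) -> SectionPlan:
    """Option 3: one radio scans both bands; every other radio serves traffic."""
    return SectionPlan(aps, RADIOS_PER_AP * aps - 1, 1)


def capacity_gain_pct(aps: int) -> float:
    """Extra traffic radios of option 3 over option 2, in percent, at equal AP count."""
    locked, unlocked = band_locked(aps), band_unlocked(aps)
    if locked.wips_radios == 0:
        raise ValueError("option 2 has no WIPS with fewer than 2 APs; not comparable")
    extra = unlocked.traffic_radios - locked.traffic_radios
    return 100.0 * extra / locked.traffic_radios


def min_aps_with_wips(traffic_radios_needed: int, unlocked: bool) -> int:
    """Fewest APs per section giving the needed traffic radios plus dedicated WIPS."""
    if traffic_radios_needed < 1:
        raise ValueError("need at least one traffic radio")
    if unlocked:
        # One radio of the pool is set aside as the dual-band sensor.
        return ceil((traffic_radios_needed + 1) / RADIOS_PER_AP)
    # One whole AP is set aside as the sensor.
    return ceil(traffic_radios_needed / RADIOS_PER_AP) + 1


def deployment_aps(sections: int, traffic_radios_needed: int, unlocked: bool) -> int:
    """Total APs for a deployment of identical sections (sites or floors)."""
    return sections * min_aps_with_wips(traffic_radios_needed, unlocked)


if __name__ == "__main__":
    for n in (1, 2, 3, 4):
        print(n, background_scan_only(n), band_locked(n), band_unlocked(n))
    # Constructed scenario: 1000 sites, each needing 3 traffic radios plus WIPS.
    print(deployment_aps(1000, 3, unlocked=False), deployment_aps(1000, 3, unlocked=True))
```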

In addition to AP platform consideration, there are additional Wi-Fi architectural factors which also affect total cost of solution:

a) Controller vs controller-less architecture: This is particularly important in distributed deployments. Controller architectures, originally designed for campus deployments, require per-site controllers  to achieve full functionality of AP. Deploying centralized controllers at headquarters talking to APs over WAN links does not offer robust functionality in distributed environments. See my earlier blog post: Is your cloud Wi-Fi genuine, or is it controller over WAN imitation? Per-site controller requirement increases the total BOM, particularly when the number of APs per site is small (can you imagine 100 controllers for 100 site deployment with 3 APs per site!). On the other hand, controller-less Wi-Fi with smart edge APs does not incur this additional cost.

b) Centralized control as add-on versus built into solution: Large deployments require a centralized console for configuration, management and reporting. Wi-Fi architectures with controllers embedded in APs, originally designed for small localized deployments, are not adequate for large deployments. These AP-embedded controller solutions require additional on-site management server assets for centralized control and may even require appliance controllers to fill the functionality gap between AP-embedded controllers and appliance controllers. These additional on-site server components add to overall cost. On the other hand, cloud managed Wi-Fi does not incur additional cost for centralized management. I have discussed the differences between true cloud managed Wi-Fi and Wi-Fi solutions with the mere word “cloud” in them in one of the earlier posts: Different shades of cloud Wi-Fi: Rebranded, Activated, Managed.

c) Security as add on versus integrated into architecture: Some AP vendors offer WIPS as add-on to Wi-Fi infrastructure. These architectures require additional WIPS appliances and licenses to enable WIPS which can cause BOM to go up. On the other hand, if WIPS is built into solution it does not require additional appliances and licenses.

As we saw, there are several factors such as AP capabilities and overall Wi-Fi architecture which can cause BOM for large Wi-Fi deployments to vary over a range as much as 2X. By making the right choices on each of the above fronts, the BOM can be significantly reduced, while obtaining the maximum value from the deployed Wi-Fi infrastructure. AirTight secure Wi-Fi can help to meet these goals – with band-unlocked dual radio APs, smart edge controller-less Wi-Fi architecture, HTML5 based central management console in the cloud, and the only top rated WIPS built into the solution.

 

802.11ac, 802.11n, Best practices, mobile device management, WLAN networks, WLAN planning

Don’t let BYOD turn into “BYOR” in your network

February 27th, 2012

BYOD (Bring Your Own Device) seems to be the dominant theme for 2012 in the Wi-Fi infrastructure and security space. As people increasingly bring in personal smartphone devices on the enterprise premises, the network/security administrators are grappling with the security implications. Given how engaging the new smartphone and tablet apps are, conflict arises between the users’ desire and the network/security administrators’ intentions. You need to ensure that this conflict does not turn BYOD into BYOR (Bring Your Own Rogue AP)! Read more…

802.11n, Best practices, Compliance, smartphones, Wireless gadgets, Wireless security

Skyjacking attack – then Cisco, now Aruba?

July 18th, 2011

Recall the “Skyjacking” vulnerability discovered in Cisco LAPs a couple of years ago? It allowed a hacker to transfer control of enterprise Cisco LAPs from the enterprise WLC to a hacker-controlled WLC on the Internet with an over-the-air attack. Once control is transferred, the hacker could change the configuration on those LAPs in any way by adding, deleting and modifying SSIDs. The hacker could also tamper with Cisco monitor mode APs and take away the security layer. Cisco Skyjacking exploited a vulnerability in Cisco’s over-the-air controller discovery protocol. Know more about it here.

Now a similar vulnerability seems to have been discovered in Aruba OS and the AirWave console. The advisory states: “[a]n attacker could plant an AP with maliciously crafted SSID in the general vicinity of the wireless LAN and might trigger a XSS vulnerability in reporting section of the ArubaOS and AirWave WebUIs. This vulnerability could potentially be used to execute commands on the controller with admin credentials.” Though the modus operandi is different from Cisco’s, the end result is similar – transferring control of the Wi-Fi controller to the hacker by launching an over-the-air attack.

No system is free from vulnerabilities and such things will continue to be discovered. But you don’t have to give away “hack one, get one free”. You don’t have to give hackers control of Wi-Fi coverage and Wi-Fi security in a single shot. This can be achieved by ensuring that the Wi-Fi security layer operates independently of the Wi-Fi infrastructure. Read more…
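The bug class the advisory describes, an SSID heard over the air and then shown in a management WebUI report, as an added example that contrasts an unescaped row with an escaped one. This is constructed code, not ArubaOS or AirWave code; the function names, the sample scan and the BSSIDs are assumptions made for the illustration.

```python
"""Added example: showing scanned SSIDs in an HTML report without script injection."""
import html
import re

MAX_SSID_OCTETS = 32  # an 802.11 SSID is 0 to 32 octets with no character-set guarantee

# Constructed scan results. Any radio in range can put these bytes on the air,
# so the SSID column is untrusted input even though no user typed it.
SAMPLE_SCAN = [
    (b"CorpGuest", "02:00:00:00:00:01"),
    (b"<script>alert(1)</script>", "02:00:00:00:00:02"),  # markup carried in an SSID
    (b"\xff\x00AP", "02:00:00:00:00:03"),                 # invalid UTF-8 and a NUL
    (b"", "02:00:00:00:00:04"),                           # hidden (zero-length) SSID
]


def display_ssid(raw: bytes) -> str:
    """Turn raw SSID octets into printable text (still NOT safe to embed in HTML)."""
    raw = raw[:MAX_SSID_OCTETS]
    if not raw:
        return "(hidden SSID)"
    text = raw.decode("utf-8", errors="replace")
    # Control characters are replaced so they cannot corrupt logs or the page.
    return "".join(ch if ch.isprintable() else "\ufffd" for ch in text)


def render_row_unescaped(ssid: bytes, bssid: str) -> str:
    """The flawed pattern: SSID text concatenated into markup as-is."""
    name = ssid.decode("utf-8", errors="replace")
    return "<tr><td>" + name + "</td><td>" + bssid + "</td></tr>"


def render_row(ssid: bytes, bssid: str) -> str:
    """The corrected pattern: every cell is HTML-escaped at the point of output."""
    cells = (display_ssid(ssid), bssid)
    return "<tr>" + "".join("<td>" + html.escape(c, quote=True) + "</td>" for c in cells) + "</tr>"


def render_report(scan) -> str:
    """Build the report table from (ssid_bytes, bssid) pairs."""
    rows = "\n".join(render_row(ssid, bssid) for ssid, bssid in scan)
    return "<table>\n<tr><th>SSID</th><th>BSSID</th></tr>\n" + rows + "\n</table>"


def unexpected_tags(markup: str, allowed=("table", "tr", "th", "td")) -> list:
    """Regression check: list any tag in the output that the template did not emit."""
    found = re.findall(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)", markup)
    return [tag.lower() for tag in found if tag.lower() not in allowed]


if __name__ == "__main__":
    print(render_report(SAMPLE_SCAN))
    print("tags leaked by unescaped row:", unexpected_tags(render_row_unescaped(*SAMPLE_SCAN[1])))
    print("tags leaked by escaped report:", unexpected_tags(render_report(SAMPLE_SCAN)))
```

Escaping at output is only the first control; the post's own point, keeping the security layer independent of the managed infrastructure, limits what a single WebUI flaw can reach.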

Best practices, Wireless security

WIPS complements MDM security by blocking personal smart devices

May 27th, 2011

With the explosive growth of smart devices in the enterprise, Mobile Device Management (MDM) is a hot topic among IT departments these days.  In order to secure the network and protect sensitive data on mobile endpoints, many organizations are deploying tools to secure, monitor, and manage smart devices accessing their networks.  Installing an MDM agent on mobile assets gives the IT department the ability to enforce VPNs, remotely wipe data off stolen/lost devices, and ensure that devices under management by the IT staff are running the most current and secure applications.

But is this really enough to protect you?

No.  In today’s “BYOD” (bring your own device) culture, the reality is that personal smart devices will continue to attach to your network. These devices may not have your favorite MDM agents running on them, thus exposing your network and data to security threats again.  Enterprises need a “gatekeeper” control to ensure that only approved devices with an installed MDM agent can attach to the corporate network. By adding a strong WIPS solution to your enterprise security portfolio, you will have the ability to enforce such control and complete your mobile security strategy.

A robust wireless IPS solution (WIPS) will detect, identify and locate unauthorized smart devices connecting to the network, generate a real time alert or even better – block those unmanaged devices from connecting in the first place.  Better yet, a good WIPS will allow you to define your security policy by device type, VLAN, and location.  For example, iPhones could be allowed to connect to the guest network for Internet access, but could still be blocked from accessing the internal network.

Watch this technical webinar for more information.

Best practices, mobile device management, smartphones, WiFi Access, Wireless security, WLAN networks

Aberdeen Wireless LAN Report Tracks Impact of Smart Devices

May 20th, 2011

A special Aberdeen Group report titled “Wireless LAN 2011: Readying the Invisible Network for the Smart Revolution” is the first industry study to track the impact of the rapid rise of smart devices on the WLAN.

The proliferation of embedded WiFi devices – smartphones, tablets, and Machine-to-Machine sensors (M2M) – and the explosion of wireless activity in and around the enterprise make maintaining a good security posture and meeting regulatory compliance requirements more challenging than ever.

According to Andrew Borg, senior research analyst, Wireless & Mobility for Aberdeen, and the report’s author, “A network is suboptimal unless network performance and security are both addressed. It isn’t enterprise class if it isn’t secure. As a consequence top-performing organizations are consistent in considering network security a high priority.”

This report is available immediately at no cost, courtesy of AirTight Networks.

Best practices, Compliance, mobile device management, smartphones, Wireless scanning, Wireless security, WLAN networks

Are Smartphones the New Platform for “Mobile Hacktivism”

May 9th, 2011

There’s been a lot of news in recent weeks surrounding the Sony PlayStation Network breaches.  One of the questions that I have received multiple times since this started is whether or not this was a wireless breach or if wireless was  in any way part of the Sony vulnerability.

From what we understand, no.  It sounds like web servers were compromised.  But could these types of attacks happen over Wi-Fi?  You bet.

“Hacktivists” essentially volunteer to participate in these coordinated attacks. The tools used are often easy to use and freely available.  They just need people willing to join the cause to create the distributed denial of service.   Firewalls are supposed to keep the “bad guys” out, but there is nothing stopping anyone from putting these same tools on a smartphone and carrying out these same attacks from INSIDE an organization, not just remotely from the Internet.

These same techniques used against Sony, MasterCard, and Visa, as well as the type of attack that breached TJX, can now be launched from personal smart devices (iPhones, iPads, Androids, etc.) inside your network. In fact, Gopinath K.N., Director of Engineering at AirTight Networks, has demonstrated just this type of scenario at various security conferences and on-line presentations. See his demo here.

Additionally, smartphone malware can be distributed in the form of an application easily downloaded from the Internet (think of all the gaming and social media apps available for iPhones and Androids). It’s really no different than how PCs become infected with worms, viruses and malware by visiting untrusted sites and downloading insecure applications.

Once the malware is installed, if that compromised smart device attaches to the corporate network, the malware can be used to launch a stealthy attack from inside the corporate network – with or without the knowledge or consent of the smart device owner. Sensitive data could even be sent off-site via the device’s own Wi-Fi or 3G radio.

Considering that smart devices and tablets now outnumber PCs in new sales, this may not be so far-fetched. A major difference between PC security and smart devices is that the tools to detect and defend PCs from these vulnerabilities are significantly more mature and widely deployed than smartphone security in practice today. Organizations need to determine whether or not unauthorized smartphones are allowed to attach to their Wi-Fi networks (guest and corporate), and how they will enforce wireless security policies to keep themselves secure.

Best practices, Compliance, mobile device management, PCI, smartphones, Wireless security

SMBs, WEP still a target for War Drivers

May 9th, 2011

After the TJX breach, the PCI security council strengthened their wireless security standard in an attempt to prevent such catastrophic incidents from reoccurring.  While some of the largest retailers strengthened their wireless security, small and medium businesses need to take a look at their own security practices because they are just as susceptible, maybe more.  In its annual Data Breach Investigations Report earlier this week, Verizon said “criminals are increasingly hitting smaller businesses as it becomes harder to steal financial data from big companies.”

War-driving is still more common than most people probably think, but the number of incidents reported by small and medium businesses is very low. In most cases, WEP encryption is still the target. A recent Network World article reported that Seattle police are investigating a group of criminals attacking local businesses via Wi-Fi access points encrypted with the flawed WEP protocol. Does this appear to be an isolated incident? No. According to the Seattle police, this group of criminals has been suspected of these types of wireless attacks for as many as *5 years*.

What is troubling is the number of retailers that continue to opt for a “compensating control” to address their wireless security requirements. Even PCI’s “approved” methods, including quarterly wireless scans and visual inspections, are insufficient to protect your business. Wi-Fi is everywhere; it’s easy to find an unencrypted (or poorly encrypted) signal.

Until companies understand the risk of properly secured Wi-Fi, they will remain susceptible.    Just ask the guys in Seattle.

 

 

Best practices, Compliance, PCI, Wireless scanning, Wireless security