Last Friday I was pondering whether folks were more diligent about security in their homes than businesses were based upon my admittedly very unscientific observations of wireless access points as I drove through the Des Moines, Iowa metro.
To which Davi Ottenheimer commented (thanks Davi!),
“Simple. It is far easier to secure a home device than one at work. Shared keys, for example, are trivial to manage in your own home. Lines of responsibility and delegation are clear when you are master of your own domain. This is true in terms of everything from key rotation to handling equipment compatibility. On the other hand wifi is nearly impossible to manage at work if you are not a security specialist who has been openly tasked with creating a solution. It is much easier for most businesses to run without wifi security than with it, especially when the risk of a breach is more likely to cause external (customer) rather than internal harm. Another point to consider is that businesses are outward focused by design. Homes are not so open to guests and even neighbors in general terms, so I would always presume a business environment to be more open than residential areas. It’s a cultural distinction.”
Well, I agree that is it usually comparatively easier to secure computers and networks at home than computers and networks within the business. However, I don’t think that ease of implementing security really has resulted in the average holdhold being more secure…
I’m not convinced that just because is it comparatively easy to secure computers and wifi networks in homes that it means most people are actually securing them. I know many people who have installed wireless networks in their homes, most with very little to no IT or info sec background, and most if not all do not have security on their computers, let alone their home networks. One person I asked said, “Why do I need security on my computer in my home? No one can see into my house that I’m online using a wireless connection!” Another said, “I hate dealing with passwords! I have to deal with them all day at work…I’m not going to have that pain at home too!”
Just because something is easy or simple to do does not mean that most people will do it. If this were true we’d have a much healthier population, wouldn’t we?
I’m not so sure that running and managing wifi in the types of small businesses I saw is really that much more complex or unmanageable than within homes. In my main post I didn’t indicate that many of these small businesses were for accountants, lawyers, physician specialists, and other service types, and most have a very small number of personnel…often 10 or less.
Many residential homes have wireless routers they’ve established to support many different computers within their homes. It isn’t really that much more complex to support a small wireless network within an office than it is within a home.
However, you’ve hit upon an important point with your statement,
“It is much easier for most businesses to run without wifi security than with it, especially when the risk of a breach is more likely to cause external (customer) rather than internal harm.”
Great point!
Yes, I think that is what it comes down to in many small to medium sized businesses (SMBs), who are always looking to cut expenses; if it is easier, costs less, and is less likely, in their view, to cause internal harm to not do something, then it just won’t get done. Such as security any many instances.
When it comes to knowing, though, why one residential area of town had such a large percentage of secured wireless networks, I’m still not convinced it is because implementing wireless security in a home network is simple, and because of concerns that someone may get into their home networks. The awareness level of wireless security, in the general public, is just not that high.
However, it is an intriguing question (at least to me) and yours is an interesting hypothesis, and my Missouri-born blood screams, “Show Me!”
I would love to see a scientifically-conducted study that would methodically analyze the security of all the wifi points throughout the metro, street by street, and take a good look at the results. I think you would find some neighborhoods with high secured wifi rates, like the one I drove through, but probably a much higher number with low to no wifi security.
This relatively small metro area would be a fairly good microcosm that would reflect similar results in much larger cities. Perhaps we could learn something about the associated demographics in the secured versus the unsecured neighborhoods.
Hey, any of you wifi security vendors out there want to do this…? 🙂
Tags: awareness and training, Davi Ottenheimer, Information Security, IT compliance, personal information privacy, policies and procedures, privacy training, risk management, security training, wireless security