Last week, I was in Chicago for a seminar. As you might imagine, public internet access is important to business travelers. My hotel had internet, but browsers and Outlook both objected when I attempted to connect to any secure site or resource. When I switched to the wifi hotspot on my phone, those issues disappeared. When I reached wifi at other locations, those issues didn’t reappear.
Verdict: hotel internet was misconfigured, broken, hacked, or some combination thereof.
Reporting the problem
I reported the problem Monday afternoon to the front desk and to the hotel’s customer service account on Twitter. By the time I checked out early Friday morning, the problem still existed. It took their corporate Twitter people 28 hours to respond, despite the fact that they’re a substantial global hotel chain – or perhaps, because they are.
I noted to the Twitter reps that I didn’t expect the front desk to be network experts, thus I was reporting it to them so they could get the hotel property some corporate-level network help. This didn’t happen – at least not yet.
Their response was to contact the hotel manager. Based on his post-checkout email to me, he had no idea what I was talking about. As previously noted, I didn’t expect him to. Even better, they accidentally forwarded me the internal corporate support team email with the case number and all the contacts, all while leaving this hotel manager hanging out in the breeze to figure it out on his own.
So how does this affect you?
Public internet access quality matters
I don’t want to turn this into a geeky network security post. I mention it because there’s a lot at potential risk when networks offering public internet access have problems like this.
When your customers connect to a secure site from your wifi & that network is misconfigured, it may simply prevent use of the network. If your business is frequented by business customers, fix this quickly as you don’t want them to leave and decide never to return.
You may not think this is a big deal, but business customers do – especially if they’re on the road a good bit. Don’t think of them as one person who “isn’t even a local“. Think of them as all business travelers (or tourists) as a whole. There are sites and mobile apps out there that guide people to businesses with good internet. If your internet is bad and your coffee and croissants are awesome, many of these folks will go elsewhere.
If a regular traveler finds a spot to settle in for an hour or two of work and that spot is dependable, they’ll never forget it and they’ll return every time they’re in town. BJ’s Coffee in Forest Grove, OR comes to mind immediately for me.
If your network is hacked, the risks go well beyond repelling customers. Worst case, the bad guys can “see” your network traffic and send it to a place where they can store and review it. If they have what appeared to be in place at the hotel I visited, they can gather logins, passwords, credit card and other account numbers and so on.
While it’s not a good idea to use the same network that you offer to your customers, if you do so & it’s hacked like this, info on the cards you run could be at risk, even if you passed PCI-DSS certification a few months ago. To be sure, this depends on the hack, your network config & other things. The details aren’t the point.
The risk these situations expose you to …. that’s the point.
Add “network health” to your regular checkups
On a regular basis, you probably check in with your lawyer, doctor, CPA, and a couple of other advisors. You do this to reduce / avoid risk, maintain good health (physical and/or financial) and keep yourself out of trouble.
I suggest adding “network people” to that list.
Ask them to help you lock your network down without making it impossible / annoying to use (there is a balance to be had). Ask them to show you what to check and how to detect when something is “not right” so that you know when to call them for expert help. This landscape changes often. Your network and the equipment, customers and data that touch it are assets. They need protection too.