N.Y. county wants more secure wireless hot spots

A New York county executive wants Internet cafés and other commercial businesses that offer wireless hot spots to better secure their networks so consumers are protected from identity theft and other threats.

Earlier this week, Westchester County Executive Andy Spano proposed legislation that would require businesses providing public Internet access to install a firewall “to secure and prevent unauthorized access to all private information that such entity may store, utilize or otherwise maintain in the regular course of its business,” according to the draft legislation.

Such businesses would also need to post a sign stating: “You are accessing a network which has been secured with firewall protection. Since such protection does not guarantee the security of your personal information, use discretion.”

County officials say the law would be the first of its kind among counties.

“People don’t realize how easily their personal information can be stolen,” Spano said in a press release. “All it takes is one unsecured wireless network.

“Your credit card number, social security number, bank account information – it’s all vulnerable if a business that collects that information hasn’t taken the proper steps to protect it,” he added. “Somebody parked in the street or sitting in a neighboring building could hack into the network and steal your most confidential data.”

A survey conducted last week by officials from the county’s information technology department found 248 wireless hot spots within a certain area of White Plains, which is the county seat located 20 miles north of New York City.

Of those, 120 “lacked any visible security at all,” according to the press release. “Many users marked themselves as easy targets by failing to change the network’s default name from ‘default’ to something unique.”

The county will also distribute a pamphlet to educate public Internet access providers and consumers about implications of the law and how the public can further protect their computers and electronic devices from identity theft and hackers.

“Protecting your computer involves little to no cost,” the county’s chief information officer, Norm Jacknis, said in a prepared statement. “Setting up a Wi-Fi network with basic security takes just a few minutes, and there are available free or low-cost personal firewalls to stop intruders from gaining access to your personal computer.”

In an e-mail message, Scott Fernqvist, special assistant to Jacknis, said county officials expect the law to be enacted early next year, and Spano “will eagerly push for its adoption.”

Out of about 30,000 businesses in the county, only a handful are Internet cafés, but the number is growing, he said. The law does not apply to residential Wi-Fi users.

“This law would impact smaller businesses more because they are more likely to have unsecured networks,” he wrote. “Nationally, about one-third of all businesses using Wi-Fi are unsecured. That translates to a significant number of businesses putting consumers at risk here in Westchester.”

Fernqvist said no specific incidents have been reported “but this is a national problem that we are trying to head off early.”

The law will take effect 180 days after it is enacted. Businesses have another 90 days after that to comply. If they fail to comply, they would initially receive a warning but could get fined up to $500 for each violation thereafter.