CONTACT:  SUSAN TOLCHIN                                                                                         (914) 995-2932

                     LYNNE BEDELL                                                                                          (914) 995-3106

                                                                                                                                            

FOR IMMEDIATE RELEASE                                                                                            Nov. 2, 2005 

 

SPANO PROPOSES LAW TO COUNTER RISKS OF WIRELESS NETWORKS

Businesses would be required to maintain secure networks

 

            Wireless Internet connections are becoming more popular as “hot spots” are popping up at Starbucks and countless cafes, businesses and even parks, but many users don’t realize the risks they take every time they sign on. Even shopping at a retail store that uses a wireless network can put your personal information at risk.

            That’s why County Executive Andy Spano is proposing a new law – the first of its kind among counties in the U.S. – to protect the public from crimes such as identity theft and other consumer fraud. The law, which was recently submitted to the Board of Legislators, would require Internet cafes as well as commercial businesses that use wireless networks to take basic security precautions to protect private customer information from potential data thieves and hackers.   

 “People don’t realize how easily their personal information can be stolen. All it takes is one unsecured wireless network,” Spano said. “Your credit card number, social security number, bank account information – it’s all vulnerable if a business that collects that information hasn’t taken the proper steps to protect it. Somebody parked in the street or sitting in a neighboring building could hack into the network and steal your most confidential data.”

To illustrate how easy it is to get into an unprotected network, Spano and Norman Jacknis, the county’s chief information officer, took a laptop computer equipped with easily available software and drove around downtown White Plains today in search of vulnerable networks. Last week, a team from the Department of Information Technology performed the same survey and came across 248 wireless hot spots in less than a half an hour of driving down Westchester Avenue and Main Street in White Plains. Out of those, 120, or almost half, lacked any visible security at all.  Many users marked themselves as easy targets by failing to change the

network’s default name from “default” to something unique. 

Various studies have estimated that about one-third of businesses using this hot new technology commonly known as “Wi-Fi” in the U.S. remain unprotected from any type of attack.

“Identity and data theft is clearly a local threat here in Westchester,” Spano said. “We need to take steps to address this problem.”

Because of the very nature of wireless communications – that they occur in the open air and can be easily intercepted – Wi-Fi networks have always been more vulnerable to security problems than more traditional wired forms of networking. Still, Wi-Fi’s low cost and flexibility continue to drive its growth  throughout the country.  

“Wi-Fi is a wonderful technology if used wisely,” said Jacknis. “Protecting your computer involves little to no cost. Setting up a Wi-Fi network with basic security takes just a few minutes and there are available free or low-cost personal firewalls to stop intruders from gaining access to your personal computer.” 

The proposed law would address many of these risks. The way the law reads, all commercial businesses that use wireless networks and maintain personal information would be required to have “secure networks that protect the public from potential identity theft and other potential threats such as computer viruses and data corruption.” For example, a retail establishment that uses a wireless network to process credit card transactions would be required to install a firewall, one of the easiest and least expensive ways to guard a network from attack. They would have to file a note of compliance with the county.

Businesses that offer public Internet access would be required to post a sign stating that the network has been secured with firewall protection and stressing the need to use discretion.   

  As part of the proposed legislation, the County will provide ongoing public education outlining steps that residents should take to help protect themselves from the threat of identity theft through the use of computers and other electronic devices. This effort will track the latest technological advances in order to provide up-to-date and meaningful assistance to all county residents.