Over the years retail florists that were interested in offering free wifi to their customers always offered the same reason:
Well, Starbucks does it...
True, but Starbucks benefits from people loitering because they’re also consuming their products. Typically flower shops have wanted to get people in and out.
But times (and technology) change. Brides are now coming in for consultations, bringing their laptops and tablets, and wanting to connect to Pinterest, Instagram, etc. This is something that helps the florist and providing wifi in those situations seems absolutely essential.
They key is doing it safely. The easy way to do it, simply giving the customer the password to the primary network, is not safe. In fact it is incredibly dangerous.
The first problem is that by giving them the password you have lost control of your network. They can now distribute the password to as many other people as they like.
What can people do with that access? Probably a lot more than you realize. The intention is to just get them internet access but by putting them on the primary network you are giving them access to network resources like shared folders, etc. They could easily access, copy or delete any shared files or folders.
Think about the complimentary wifi in the lobby of a hotel. If they gave you that by giving you access to the primary network you could view HR files, reports, etc. It would be disastrous!
There is however a way to do it relatively safely. It’s not very complicated, and it shouldn’t cost you anything. Creating a separate “sandboxed” guest account allows guests to use your internet connection without granting access to other network resources.
Most wireless routers will allow you to set up this kind of guest account. It is done using the router admin/configuration tools, most commonly accessed by visiting 192.168.1.1 from a device currently on that wireless network. This is the same place where you change the network password, etc.
The first step involves enabling the guest account feature. This usually just means checking a box. The next step is to give it a name. There are times it is worth considering a name that obscures the location/nature of the network but this isn’t one of them. Remember – people connected to the guest account only get internet access, and the whole point of this is to make it easy so don’t choose a name that will complicate things. Something like my shop name - guest is perfect.
You may also have the option of disabling SSID broadcast (or enabling “stealth mode”). This means that the router won’t broadcast the name of the network and it generally won’t appear in the list of options that you can choose when trying to connect to the network. This means that guests have to enter the name of the network manually. Since the point is to make connecting easy just leave SSID broadcast enabled.
The next step is to determine what type of encryption to use. It’s tempting to just leave the guest network wide open (no password required) but that means anyone within range can connect. It also makes your guests vulnerable because their data is not encrypted. Instead stick with the best combination of security and compatibility – WPA2 Personal.
That means having a password. Again – the access provided by this account is limited so you can keep it simple. The password is less about blocking access to the network than it is about being an essential part of encrypting the wireless traffic and protecting your guests that use the network.
Leaving it open to anyone within range means that people could sit in their car nearby and use your connection for free. It might not seem like a big deal but this is popular with those who want to use somebody else’s connection for questionable activities – things like transferring pirated content (software, music, movies) or illegal material (child pornography, etc.). Any such activity would be traced back to you because they would be using your IP address and internet connection to enable their activity.
It’s better to use a simple password you make available only to clients (and possibly employees & contractors, more on that another day). It is also easy to change the password once a month or so.
