N.Y. county throws cold water on hot spots

Westchester County, N.Y., has enacted what may be the first law in the nation requiring Internet cafes and other similar commercial entities to secure their wireless networks to prevent identity theft and other computer fraud.

The law, which goes into effect 180 days from today, requires commercial businesses that store, use or maintain personal information electronically – such as a retail store that uses a wireless network to process credit card transactions – to take minimum security measures. County officials said the measures could be as simple as installing a network firewall, changing the system’s default service set identifier (SSID), or disabling SSID broadcasting with minimal effort and little to no additional cost.

“We know there are many unsecured wireless networks out there, and any malicious individual with even minimal technical competence would have no trouble accessing information that should be kept confidential,” Westchester County Executive Andy Spano, who signed the bill into law today, said in a prepared statement. The county Board of Legislators approved the bill April 10.

“It would be nice if these businesses took the necessary steps on their own to ensure their networks were kept secure, but the sad fact is that many don’t,” he added. “That’s why we’re taking it one step further and making it a law.”

The law does not apply to residents who use wireless networks in their homes.

The county Department of Consumer Protection’s Division of Weights and Measures will enforce the law. A first-time violator will receive a warning and 30 days to correct the situation. For a second violation, the business will receive a $250 fine. Further violations will result in $500 fines. The county also produced a brochure and Web site to educate consumers about identity theft.

Spano introduced legislation last fall after a team from the county’s information technology department found 248 wireless hot spots in less than a half-hour in White Plains using a laptop computer. Of the 248, 120 hot spots lacked any visible security and many kept the standard default name of the product, indicating it was a potential target for hackers.

In a related move, the county Department of Public Safety established the state’s first Digital Crime and Investigation Unit, a two-man team dedicated to searching the Internet for criminals involved in identity theft, fraud, pedophilia and cyber bullying.

Featured

  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.