A reader who will remain anonymous (he can out himself if he wishes) sent me an interesting observation. He was in his doctor’s office last week, and out of curiosity, he ran a wifi scanner on his phone just to see what networks were available and how they were secured.

What he saw wasn’t pretty. Especially considering he was in a building full of doctors, lawyers, and financial advisors.
He saw 11 networks, total. Of those, 4 networks were straight-up WEP. One was WPA2, but had WPS enabled. One was straight WPA, and two were dual WPA/WPA2.

Only 3 of the 11 were WPA2 without WPS, which is the textbook way to configure a network securely. Five of the 11 networks were configured in such a way that someone could break them easily, using known vulnerabilities.

I don’t think I’d fire my doctor over that. An attorney? It depends, but I’d certainly want my estate attorney to have a secure network. And I wouldn’t hesitate to change financial advisors over such a thing. After all, these professionals have a lot of your information, and if someone were to steal that information via their networks, you’d have a big mess to clean up, and you may very well never know where the perpetrators stole the information. The only way to fix it is to raise awareness. And asking the question is the first step toward raising awareness.

Securing a wi-fi network took 30 minutes the last time I did it.