Offering free and quality Wi-Fi is a basic service in many businesses with a large influx of customers, and especially in leisure or tourist establishments. But to what extent are we aware of whether or not we comply with the Wi-Fi regulations Spanish, International? In this article we solve all your doubts.
Today it is unthinkable that a hotel, restaurant or cafeteria does not have a free Wi-Fi network; however, it is still very common to find networks whose access is done through a public password.
What should I take into account to offer free Wi-Fi and comply with the regulations Wi-Fi GDPR? What penalties do I face for not complying with the Spanish legislation on free Wi-Fi access? Keep reading.
What are the requirements to offer free WiFi in your company?
Before the approval of the General Data Protection Regulation (RGPD), businesses could leave their WiFi connection open, using weak WEP encryption and even placing a sign with access credentials in a visible place.
Following the entry into force of the new regulation, these practices no longer comply with the law, since there is a risk to the security of the users of these networks. There is a clear path for a cybercriminal to access personal data and steal or manipulate information transmitted through the network.
To avoid reaching this point European regulation GDPR of 2016, adapted to Spanish legislation under the Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD) in 2018, establishes the requirements that must be met by companies that offer free Internet access, such as hotels.
Currently, the fines linked to possible security breaches, data theft or deficiencies in the application of this regulation in hotels can involve fines that can range from €60.000 to €600.00 or up to 4% of the turnover of the last year fiscal. Not counting the significant reputational damage to the hotel.
In this context, and especially in the specific case of hotel establishments, there are still many that do not comply with the latest Wi-Fi regulations for hotels and are exposed to sanctions. In Cerium, as technological integrators specialized in this sector, we have the necessary technology to protect access to your network and activate the security mechanisms that protect this key service.
How to meet the nueva Wi-Fi regulations in hotels?
Risk analysis
La Wi-Fi security regulationsi establishes that the person in charge of the establishment must carry out a risk analysis and, based on the results, adopt all the security measures considered appropriate to protect the users of these networks.
Here, the problem is that the standard does not specify what these protection measures are, which range from access control and registration to data encryption, among other aspects. For this reason, many hoteliers They are not able to manage this point, sometimes due to ignorance, lack of information, bad advice or because they underestimate the importance and need to protect their WiFi networks.
Captive portal
Also popularly known as WiFi hotspot, it is a login screen that appears once the user tries to access the WiFi connection and that forces the user to leave certain data to obtain free access. In short, it prevents the client from having to enter a public password. What should you incorporate?
- They must be visible Terms and conditions of use
- A section must be included where the user expressly consents to access the network after having read the privacy policy and the conditions or terms of use.
- Information may be requested that helps identify that user: name, surname, hotel room, etc.
In addition, and this is the most important thing, this access control allows the hotelier to keep track of which users have connected in order to detect or track any illicit activity.
Promotion!
Try the Cerium WiFi Hotspot 3 months FREE without obligation
Still don't have a login portal to access your WiFi network? Capture more data from your guests, improve your marketing actions and protect your connections.
Registration or monitoring of user activity on the WiFi network
The regulations state that a log of network activity must be created and maintained as a safeguard for the owner. The terms and conditions indicate why this information is stored and, once the user accepts them, we are able to trace:
- Pages visited
- connection sessions
- device used
- Operating system or browser used
- Language
If the user has not given this consent, this traceability cannot be carried out, since this would mean a crime against the user's privacy.
It may interest you: How to make a correct WiFi installation in hotels
At this point, many captive portals are very limited, since the log they generate only collects the date and time of connection to the network and date and time of disconnection of each user. In other words, it is not possible to determine if a specific user has connected on a specific day, at a specific time and to a specific destination IP; that is, they do not collect detailed information about the connections.
How to protect yourself against illegal activities carried out from your WiFi connection?
Prevention
The best network security strategy that a hotel can follow is prevention. Establishing the necessary barriers goes through audit hotel Wi-Fi networks, both corporate and customer, and the best option for this is to entrust this work to companies specialized in network configuration, installation and protections
Have the latest security protocols in your network (WP3)
The different WiFi protection standards have the objective of protecting wireless networks from attacks by intruders. The WPA2 standard, acronym for WiFi Protected Access, has been one of the most widespread, with great improvements such as the TKIP, which allows you to change the password from time to time. But it was violated in 2017.
Today, it is essential to have the WPA3 standard, which incorporates the latest advances in network security, such as 256-bit encryption algorithms, which make any sabotage attempt difficult.
Access control
Hotspot and GDPR compliance They go hand in hand. As we have already mentioned, this is the most basic preventive action, but there are, although there are other ways of controlling access. For example, it is important to have WiFi controller software that allows you to configure all the Access Points in your hotel under the same advanced traffic denial rules, as well as under predefined navigation control lists.
How to safely address a digital transformation in tourism businesses
intrusion detection
When it comes to detecting unauthorized intruders, we can implement tools such as IDS systems (intrusion detection systems) or proxy.
An IDS automatically monitors network traffic for patterns that could lead to a cyber attack. For its part, it blocks potentially dangerous web addresses.
Rogue AP Detection
A Rogue AP (Access Point) is an unauthorized WiFi access point that connects to a hotel network and is managed by someone outside the organization. It is important to build barriers to detect these irregularities to avoid the impersonation of WiFi equipment and problems derived from the interception of user navigation and data exchange.
Latest technology for compliance with article 25.1 of the Citizen Security Law
Establishments that offer free Wi-Fi have the obligation, according to this article of law, to cKeep a record of connections to that network and make it available to the State Security Forces and Bodies during the periods established by the applicable provisions in each case, with the aim of prosecuting criminal activities committed from said connection.
Cerium's captive portal incorporates a pioneering technology called IP Police, which allows information to be collected from a connection without the need to force the user to give their explicit consent. This system prevents the user from having to choose between privacy and security.
Going down into more detail, allows you to make a record with the data that our wifi hotspoti extracts from the network and identifies and locates a specific connection on the network, indicating date and time, user's Mac, source IP temporarily assigned to the user and destination IP with ports (source and destination). Thanks to all this information, the illicit connection is identified, maintaining the privacy and security of the user and helping the establishment to comply with current legislation.
Keep learning: Data protection in hotels: security basics
At Cerium we work to meet the objective of protecting the data, infrastructure and equipment that are connected to our hotel.
With a team with more than 15 years of experience in technology and hospitality, we have the necessary professionals and tools to ensure that your infrastructures are safe, complying with all WiFi legislation for hotels current.
Do you have a project linked to your WiFi network? Looking for advice? Contact us.
