Nowadays, cyber-security is front-page news. It seems like nearly every week, we hear about some big company getting hacked and its customer data being stolen. Outrage from customers and onlookers alike fills the Internet, demanding to know why this data was not protected. Many of these people then go home or to work, hop on unsecured home networks and begin browsing away on malware-infected PCs, never realizing that many of the same mistakes (and more!) are being committed by themselves and their employers.

I truly believe that a much greater amount of data, and therefore risk, lies in the hands of small business than in the mega-corporations. Breaking into Citigroup or Sony may net a real hacker a lot of credibility, but by and large it's not the real hackers that we have to worry about. Instead, it's the script-kiddies (miscreants who use the powerful tools that real hackers have developed, often with little understanding) and professional scammers we should fear - and they can get a lot more "bang for the buck" harvesting local, poorly secured networks than wasting time and almost assuredly getting caught busting into big companies. If Citigroup is Fort Knox, then your nearby doctor's or accountant's office is a simple snatch-and-grab home burglary, where the tenant won't be back to find out... ever.

In my office complex alone, there are also: three doctors, two attorneys, one insurance agency and one financial manager (and a partridge in a pear tree!). Six of the above run wireless networks, three of them use default passwords for their router and an easily guessable wireless access password. All six networks have a critical vulnerability running that you'll read about here. The seventh office uses conventional wired networking, but has no passwords or controls for the network and an Ethernet jack in an unattended conference room accessible from the front lobby.