By Laura Haight
Public Wi-Fi is a great asset for mobile workers: Empowered and connected staff are out of the office, working with clients, customers, prospects all day. That would have to drive sales and stronger relationships fueled by better service. Right? Yes, but …
Public Wi-Fi is also a huge risk for business. A recent survey of 500 CIOs from companies around the world found that two-thirds are banning workers from using public Wi-Fi. The survey, conducted by global ISP iPass, found that 53 percent of US companies surveyed considered Wi-Fi the biggest mobile security threat to their business. To counter the problem of insecure and extremely hackable public Wi-Fi, many companies provide their employees with VPN access, but only 26 percent are certain that employees use it.
What makes public Wi-Fi so dangerous?
It’s a combination of factors: our need for immediate results and a get-it-now culture, and our lack of adherence to basic security practices, which run headlong into some very accessible and cheap tools that even your mother could use to crack your bank account.
Packet sniffers, for example, are a common network diagnostic tool. IT will use them to monitor and maintain your business network. But they can also be installed on any computer wirelessly connected to an unsecured network, like a Starbucks, and begin intercepting and scraping information from whatever business you are conducting. That could be logging into your corporate email account, checking your balance on your online banking app, or checking your next client’s account details on your online CRM software.
When IT says you are not permitted to access company resources from unsecured Wi-Fi, it’s not just that they’re trying to make your life hard. Hackers scrape your info and then, to add insult to injury, may use the same unsecured access to plant malware on your company network or the work computer that you are working on. From your computer, that malware can easily propagate and spread throughout your network.
What can we do?
Obviously, there’s no way businesses can ban all unsecured activity. Policies that take that stance are unenforceable, but they should serve as a warning to all employees to be cognizant of the risks. And not only to the company. Your personal information is as much at risk as your employer’s.
Here are some steps most security experts recommend:
Use a mobile VPN
If your company has a VPN, you should be using it. Whether you have an iPhone or Android device, you can pretty quickly set up your smartphone or tablet to use your VPN with configuration information from your business IT staff. What’s the diff? I wish I could claim ownership of this example, but I read it somewhere: Someone is following you home. You arrive and they know where you live, whether you have an alarm system, a dog, nearby neighbors, etc. That’s you on public Wi-Fi. Here’s you on a VPN: Someone is following you home, you duck into a building, put on a wig, change clothes and go out the back door. The guy following you is lost and you go safely to your destination.
It’s appalling how many people never install updates on their devices. Updates are most frequently developed to add features and, more importantly, to fix bugs and shut down vulnerabilities. In April 2014, the Heartbleed attack infected the vast majority of websites in the world. Patches and fixes were available for the bug within weeks. A year later, three of four large US companies (much less smaller firms with fewer resources) had not installed the fix; many still haven’t. Updates serve a critical purpose. Put them on.
Wi-Fi off by default
Ever notice on your desktop that webpages you aren’t even looking at, but still have a tab open for, are refreshing constantly? The same thing is going on with the Wi-Fi on your phone. When you enter an area with a previously accessed network, your phone, tablet or laptop remembers it and will automatically connect. Even when you’re not watching anymore, it is continually pinging that network to let it know that you are there. As long as you’re connected, you’re vulnerable. Turn Wi-Fi on only when you need it.
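One way to see which remembered networks a laptop will rejoin on its own, as an added example that is not part of the original column: this Python code audits saved Wi-Fi profiles and lists the ones that are both unencrypted and set to auto-connect. It assumes a Linux machine that stores profiles in NetworkManager keyfile format; the three profiles below are constructed samples, and the function names are hypothetical.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (not from the article).
SAMPLE_PROFILES = {
    "coffee": """[connection]
id=CoffeeShop-Guest
type=wifi
[wifi]
ssid=CoffeeShop-Guest
""",
    "office": """[connection]
id=Office
type=wifi
[wifi]
ssid=Office
[wifi-security]
key-mgmt=wpa-psk
""",
    "hotel": """[connection]
id=Hotel-Lobby
type=wifi
autoconnect=false
[wifi]
ssid=Hotel-Lobby
""",
}

def audit_profile(text):
    """Return (ssid, is_open, autoconnect) for a Wi-Fi profile, or None for other types."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    ssid = cp.get("wifi", "ssid", fallback=cp.get("connection", "id", fallback="?"))
    # No [wifi-security] section, or key-mgmt=none, means no WPA protection.
    is_open = cp.get("wifi-security", "key-mgmt", fallback="none") == "none"
    # NetworkManager treats a missing autoconnect key as true.
    autoconnect = cp.getboolean("connection", "autoconnect", fallback=True)
    return ssid, is_open, autoconnect

def risky_networks(profiles):
    """SSIDs of remembered open networks the device will rejoin on its own."""
    results = [audit_profile(text) for text in profiles.values()]
    return sorted(r[0] for r in results if r and r[1] and r[2])

if __name__ == "__main__":
    print("open + auto-join:", risky_networks(SAMPLE_PROFILES))
```

Profiles flagged this way are the ones to forget or switch to manual connection, which has the same effect as the advice above without turning Wi-Fi off entirely.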
Always use SSL and HTTPS
SSL is a security protocol that creates an encrypted link between you and a webserver. It’s used commonly with email. You should make sure your email provider supports SSL as it is a basic, if not impenetrable, level of security. When on public Wi-Fi, access only secure sites through your browser. Just type https:// instead of http://. This is important on all sites, but especially critical on those where you enter personal information, passwords and credit card information.
Don’t shop on public Wi-Fi
First, we ARE talking about work here, so I assume you aren’t shopping, but just in general, never enter a credit card number or password on a website when you are on public Wi-Fi. Just don’t.
These steps will not guarantee you don’t get hacked, or that you don’t facilitate a hacker getting into your company, but they will add some layers of protection.