We all know Admiral Ackbar wasn’t referring to public Wi-Fi security when he uttered the famous line, “It’s a trap,” but the sentiments match. While he had bigger things to worry about than unsecured data connections, public Wi-Fi security can be super sketchy. It’s up to IT to warn their employees against the risks associated with open mobile connections.
People love anything free, especially Wi-Fi—87 percent are happy to hop onto the free, open internet at the restaurant or airport. Most of these people working and shopping online are exposing information in major ways. Sadly for IT, 22 percent don’t even blink before entering banking info.
Honestly, how bad is public Wi-Fi security?
One study by Intel Security revealed that the greatest risk in the public Wi-Fi world may be spoofed hot spots. Per ComputerWorld’s John Dunn, “The real risk isn’t the lack of encryption on public Wi-Fi but the lack of verification that a hot spot is genuine.” Would your users think twice before connecting to an open wireless connection called “Starbucks Wi-Fi”? Probably not. Many of these spoofed connections include a series of login screens that appear legitimate.
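The check that is missing when a device joins a hot spot by name alone, as an added Python example (not from the original article): it flags access points whose only identity is their SSID, or that conflict with a profile IT has vetted. The `CorpNet` network, its BSSID, the `VETTED` inventory and the scan results are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessPoint:
    ssid: str       # network name, freely chosen by whoever runs the radio
    bssid: str      # radio MAC address
    security: str   # "open", "wpa2-psk", "wpa2-enterprise", ...

# Hypothetical inventory of networks IT has vetted:
# SSID -> (expected security, known BSSIDs)
VETTED = {"CorpNet": ("wpa2-enterprise", {"aa:bb:cc:00:00:01"})}

# Constructed scan results, as a laptop might see them in a coffee shop.
SAMPLE_SCAN = [
    AccessPoint("Starbucks Wi-Fi", "de:ad:be:ef:00:01", "open"),
    AccessPoint("CorpNet", "aa:bb:cc:00:00:01", "wpa2-enterprise"),
    AccessPoint("CorpNet", "12:34:56:78:9a:bc", "open"),
]

def assess(scan, vetted=VETTED):
    """Return {bssid: [finding codes]} for every access point worth a warning."""
    security_by_ssid = {}
    for ap in scan:
        security_by_ssid.setdefault(ap.ssid, set()).add(ap.security)

    findings = {}
    for ap in scan:
        notes = []
        if ap.security == "open":
            # Nothing but the name identifies an open network.
            notes.append("OPEN_NAME_ONLY")
        if len(security_by_ssid[ap.ssid]) > 1:
            # One name, several security settings: someone is reusing the SSID.
            notes.append("MIXED_SECURITY")
        if ap.ssid in vetted:
            expected_security, known_bssids = vetted[ap.ssid]
            if ap.security != expected_security:
                notes.append("SECURITY_MISMATCH")
            if ap.bssid.lower() not in known_bssids:
                notes.append("UNKNOWN_BSSID")
        if notes:
            findings[ap.bssid] = notes
    return findings

if __name__ == "__main__":
    for bssid, notes in assess(SAMPLE_SCAN).items():
        print(bssid, ", ".join(notes))
```

A clean result is not proof that a hot spot is genuine, because a BSSID can be copied as easily as an SSID; the check only catches careless spoofs, which is why traffic still belongs inside a VPN.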
Most IT pros are familiar with the ways in which hackers intercept protected data over open connections. Via Digital Trends, common methodologies include:
- Man-in-the-middle attacks: All data transmitted over a public network is routed through a hacker’s device.
- Malware: Putting malware onto a device through the theft of cloud login credentials or other methods of entry.
- Wi-Fi sniffing: Monitoring network traffic and using analysis to steal data.
David Maimon, criminology professor at the University of Maryland, explains that the tools necessary to launch these attacks aren’t sophisticated. They’re widely available online and take less knowledge to operate than the average computer science student has.
One of the most shocking statistics we dug up indicated that your users aren’t completely blind to risks. A study by the Identity Theft Resource Center showed that 76 percent of people know public Wi-Fi use can lead to identity theft. So, they know it’s a trap? If they’re not ignorant of the risks and go ahead anyway, how on Earth do you change their minds?
Provide employees a mobile hot spot
If there were a single, guaranteed way to make sure your employees weren’t dealing with sensitive data on risky networks, it’d involve literally handing them the wireless connection on the way out the door. It’s certainly not the cheapest or most minimal way to make sure your employees use a secure connection, but it could be the right one for frequent travelers and remote workers.
While it’s hard to say exactly how many organizations have adopted this approach, it’s a fair amount. For IT manager Matt Kosht, handing out MiFi has been one way to silence users’ wails about “draconian web-filtering practices and poor internet performance.”
Make it (relatively) easy to VPN
There are benefits to issuing standardized devices. But, with the right VPN, you don’t even need to fear the impact of wireless hot spots on a personally owned employee device. This isn’t the only way to improve mobility and security—but it’s one of the most important, bare minimum steps to take.
For Gary Pettigrove, CIO at the Australian National Audit Office, VPN offers more than just protection against sketchy Wi-Fi. He’s noticed productivity gains in his employees’ abilities. “You download the data you need to your laptop through the VPN and our applications enable you to work offline,” he told OpenGov. “And when you get out of the secure location, you synchronize it back in again.” The right VPN will act as a wall between your employees and the outside world, without disrupting the ways they work.
Make it really hard to Wi-Fi
For the sake of simplicity, you should assume your employees will try to bypass best practices to occasionally work from public wireless. It’s just going to happen. TechTarget mobility consultant Bryan Barringer believes that where your VPN and common sense leave off, you should exert control with mobility policy. He writes, “Most mobile products are only as reliable as the access controls Active Directory provides. IT departments need to keep Active Directory and other controls up to date with evolving mobile best practices.”
Using policy-based administration to tightly control your users’ permissions and data classifications, along with a great VPN and possibly mobile device management (MDM), makes things much harder for IT than for the end user. But it also greatly diminishes the chances that anyone emails personally identifiable information (PII) through a hacker’s interception point.
Put Wi-Fi risks on blast
Even if your employees aren’t able to expose your company’s data through super-great mobility, are they going to open up their own banking data on personally owned devices at the local coffee shop network?
Personal risks are company risks—an employee who’s actively fighting identity theft is likely to experience a massive amount of stress that affects their productivity, engagement, and happiness. While IT pros can’t control what people choose to do on their own time, they can make sure everyone at their organization knows just how sketchy public wireless is.
For your employees, public Wi-Fi access points probably don’t look like a massive information trap; they likely represent convenience. By making it just as easy for your employees to do their work securely away from the office without latching onto the public hot spot, you can significantly reduce your risk exposure.