IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
If you are using public WiFi for work, stop!
Tue, 12th Sep 2023

Is it dangerous to log on to a public WiFi network?

In December 2014, Australian police arrested 50 members of a criminal syndicate that stole more than $6 million with identities they hacked from people’s phones through a free WiFi network.

So, if you’re accessing company servers or the corporate email from a public WiFi connection, then you and your company are at considerable risk.

With demands for hybrid work practices post-pandemic, mobile devices are now also integral to the way we work. The average employee today is a mobile-first user, connecting ‘anywhere, anytime’, accessing company data, collaborating with coworkers, completing business transactions, and using a myriad of apps with their smartphones.

In fact, nearly 76% of employees use their mobile devices to communicate with the office. Protecting mobile-first enterprises that use unmanaged mobile devices is difficult as apps are often the front door to risk, increasing the company’s vulnerability to mobile threats.

With over two million unique mobile malware discovered in 2021, connecting remotely to your office via an unsecured or public WiFi network poses significant risks to your staff and organisation.

Public WiFi risks that could endanger your organisation
Logging on to an unsecured public WiFi network is akin to driving without your safety belt strapped in. Without the necessary protection, you risk lasting damage. For the unsuspecting employee, that could be theft of personal and company data, confidential financial information, passwords, and other critical login credentials.

If your employees work from cafés, on trains, or in airports, you should be mindful of the following hidden dangers of public WiFi:

Evil Twin

A rogue WiFi network designed to fool the user by approximating the look and access of a legitimately secure WiFi network.

Man-in-the-middle (MITM)
Hackers position themselves between your employees who are using the WiFi and the connection point so they can intercept and harvest company data.

Malware distribution
An unsecured WiFi connection is a perfect conduit to distribute malware. Having infected software on your computers and devices can be financially crippling to your organisation.

Eavesdropping on WiFi signals
The use of special software kits to eavesdrop on WiFi signals to retrieve employee login credentials and hijack accounts unnoticed, gaining access to everything your remote workers are doing online.

How to protect your organisation on public WiFi networks
The challenge with using public WiFi networks is the lack of information about what level of encryption is available (if any) and who controls and monitors the data traffic. While WPA2 is the strongest WiFi encryption currently available, many public WiFi network operators have not upgraded. WPA, a less secure predecessor, and WEP (the weakest) are still widely used and easily hacked. According to a report by Kaspersky Security Network, approximately 24.7% of public WiFi hotspots across the world do not use any encryption at all.

Here are several practical steps you and your employees can take to protect yourselves:

Be extra vigilant
Verify the actual name of the network you’re connecting to. Just because it includes the name of the shop or café in the network ID doesn’t mean they own it. Also, be wary of networks that ask for sign-in information because hackers often create sign-in pages to harvest your login credentials. But most of all, don’t treat the public WiFi like your home connection.

Check your device settings
Update your operating system and ensure your applications are up to date. Check that your device settings don’t automatically connect to a WiFi network. Enable ‘always use https’ on frequently visited websites that require login credentials. Https sites are encrypted.

Use a cellular connection instead of the public WiFi service
With more than 60% of global web traffic going through mobile phones, the temptation to connect to an unsecured public network is often too difficult to resist.

Organisations should encourage employees to connect over a cellular network as there is a direct connection between the device and the cellular provider. Their identities are authenticated via the device’s SIM chip, among other things, and the connection between the mobile device and the provider is encrypted, ensuring enterprise data accessed on the mobile device is not exposed to the threats listed above.

To ensure comprehensive mobile security, enterprises should consider Mobile Threat Defence (MTD) when they subscribe to corporate mobile plans for employees. MTD delivers persistent monitoring of threats across secure and unsecured network connections to prevent, detect and remediate cyber-attacks in real-time. These include phishing attacks on mobile devices, networks, and applications.

Take Your First Step to Secure WiFi Access
While public WiFi is a widely used convenience, it’s also associated with risks that can compromise an employee’s personal information and expose critical enterprise information.

The more you take your chances with a free network connection, the greater the likelihood your company will suffer a security breach.