A new Opinium survey of 2,002 UK adults, which was conducted between 9th to 14th April 2020, has revealed that UK homes in lockdown during the COVID-19 crisis spent 41.3 hours online a week (up 29% since pre-lockdown). Time spent working from home rose by 67% and broadband use for schoolwork climbed by 35%. Post lockdown but while workers have not been in offices there has been a similar rise in the use of public Wi-Fi.
What is public Wi-Fi?
Unlike a private network, public Wi-Fi is an open, generally unsecured network that can either be accessed without a password or with a publicly advertised password. It is commonly found in cafes, restaurants, airports and hotels. In using a public network, there are several risks that you need to consider. The biggest one is that the security on these networks is often very lax, and even nonexistent. As well as this, you don’t know who has set it up, and who else is on it. This has serious implications if an employee is accessing public Wi-Fi to work. There are more risks below that you need to consider.
What are the associated risks to public Wi-Fi?
For a hacker, connecting to the internet through public Wi-Fi is similar to inviting them into your office or house to have a good look around. There are a variety of approaches that a hacker can use to cause trouble:
- Rogue networks: Malicious actors can trick users into using a rogue Wi-Fi network. False networks can be established by hackers with names like ‘free Wi-Fi' which may be set up with the sole intention of harvesting data about your company.
- Malware distribution: Attackers can use an unsecured Wi-Fi connection to distribute malware. In using public Wi-Fi, your employees are exposed to worm attacks. Whilst viruses need a programme to attack to compromise information, worms do not. A worm can travel from one device to another that’s connected to the network. See our blog on drive by cyberattacks for more information
- Eavesdropping: Hackers can use technology which allows them to eavesdrop on public Wi-Fi signals. They could access everything remote workers are doing online. This could compromise log-in credentials.
- Man-in-the-Middle (MitM) attack: Hackers can intercept information by positioning themselves between employees using public Wi-Fi and the connection point.
What are the recommendations to prevent risks due to using public Wi-Fi?
There are ways to mitigate the risks associated with public Wi-Fi. We have outlined some of them here.
- Put simply, the best advice is to try to discourage employees from using public Wi-Fi. The more networks employees connect to, the more likely the risk of compromise. Instead of using public Wi-Fi, encourage employees to make a hotspot with their smartphone if they are able to and use mobile data, which is usually more secure.
- Do not share files when using a public Wi-Fi network. Once joined, try and disable any file sharing options. It is also advised that an employee limits their accessing of company secrets via public Wi-Fi.
- Unlike websites, mobile apps don’t have a visible indicator like this. If employees plan to use an app for shadow IT purposes on public Wi-Fi, this is another way to breach data. You must discourage employees from using these unless it's with a phone’s data network.
- It sounds quite simple, but if employees must join a public Wi-Fi network, encourage them to check it first. Verify the IP address of a network before joining it, and check the level of encryption. WEP and WPA are common methods of encryption, but WPA2 is the strongest.
- No public Wi-Fi is completely secure. It is usually recommended that your company uses a VPN provider to access the internet on public networks. There are many benefits to using a Virtual Private Network. It keeps your information secure when you are using public Wi-Fi. As well as this, users can mask their IP address, allowing you to use the internet anonymously. Online privacy is safeguarded, and the internet can be accessed safely.
- In using a VPN, you should make sure that the provider of the VPN is legitimate, and from a reputable supplier with few vulnerabilities. Hackers have been known to attack corporate VPNs and sell access to them to other hackers. Proper research into VPN suppliers will minimise the risks associated with this.
- You will have to keep in mind that some hotspots will recognise if you are using a VPN, and request that you disable it prior to connecting. If a VPN cannot be used for this reason, make sure that all the links to access company data remotely are encrypted. Employees can check this by looking for HTTPS at the beginning of a link.
- You should also encourage the adoption of a firewall. This will allow devices to filter ingoing and outgoing network traffic onto your device and stop anything suspicious.
Public Wi-Fi is far from secure. Hackers can use them to steal data and eavesdrop on your communications. Companies must alert staff of risks associated with using it. You can mitigate the risks by discouraging a practice that relies on them or opting to use a VPN. If you are going to use a VPN, make sure you conduct thorough research into suppliers before choosing one. You should also encrypt all websites used to access sensitive information about your company.