October 20, 2016 By Douglas Bonderud 2 min read

Business users expect Wi-Fi — not just at work but everywhere, from coffee shops to airports, restaurants, train stations and schools. In many cases, telecommunications providers and property owners are happy to oblige by spinning up completely insecure connections.

As noted by Help Net Security, that doesn’t stop executives and IT professionals from jumping online. A recent Xirrus survey, “Rolling the Dice With Public Wi-Fi,” found that while 91 percent were aware of public Wi-Fi security risks, 89 percent ignored them and connected anyway. Can companies prevent this kind of careless connection, or do wireless wants outweigh common sense?

Convenience Trumps Public Wi-Fi Security

A recent ZDNet article offered a clever reprise of Maslow’s Hierarchy of Needs. Under the broadest part of the pyramid — the one reserved for essentials like food and shelter — there’s another, bigger section simply labeled Wi-Fi.

It’s funny, sad and, in many cases, absolutely accurate. Digitally empowered users are instantly frustrated when a free Wi-Fi connection isn’t available. According to the new Xirrus study, almost half of all business users connect to public Wi-Fi at least three times per week, while 31 percent log on every day.

Despite an awareness of common public Wi-Fi security risks, such as the possibility of dummy networks designed to steal information and a lack of encryption, 83 percent are willing to access both their personal and corporate email via free connections.

Additionally, 68 percent of respondents use social media accounts while connected and over half watch videos. Even more worrisome, 43 percent leverage insecure public Wi-Fi to work or access credit card data. The bottom line is that speed and simplicity override security, even with increasing knowledge of potential consequences.

Combined with a total lack of encryption, it’s easy to see why public offerings simply aren’t viable options for business users. Staff members not only run the risk of malware, Trojan or ransomware infections, but any password or login credentials they enter are transmitted in cleartext, making them ideal targets for cybercriminals. Businesses also face the proliferation of legitimate-looking networks set up by cybercriminals to steal information.

Public Wi-Fi Alternatives

So how do companies reduce their risk? First, it’s essential to understand the mindset of typical users. They don’t want anything standing the way of convenience and access. When IT departments advise them to avoid public Wi-Fi — and therefore lose easy access to email accounts or document-sharing services — they tend to simply dismiss the warnings as too restrictive.

Instead, tech departments should provide alternatives. One option is to use virtual private networks (VPNs), which still allow access to public Wi-Fi but route all traffic through a secure tunnel.

It’s worth noting that these services aren’t perfect. Look for offerings that provide domain name system (DNS) leak protection or leverage their own DNS servers to avoid the problem of redirection to lookalike websites using malicious DNS.

As noted by Small Business Computing, personal hot spots are another option. Using their smartphones, employees can create private hot spots, which are faster than most public connections and offer an isolated, secure network. To encourage hot spot use, companies should make sure employees are trained in connection setup and have data plans that support regular use.

Everyone wants Wi-Fi — secure or not — and business users are no exception. Despite the risks, they’re willing to connect if it means they can get work done, watch videos and check emails. Laying down the law won’t correct this connection issue. The better bet is to provide simple alternatives to satisfy the need for Wi-Fi without compromising security.

More from

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today