Business users expect Wi-Fi — not just at work but everywhere, from coffee shops to airports, restaurants, train stations and schools. In many cases, telecommunications providers and property owners are happy to oblige by spinning up completely insecure connections.

As noted by Help Net Security, that doesn’t stop executives and IT professionals from jumping online. A recent Xirrus survey, “Rolling the Dice With Public Wi-Fi,” found that while 91 percent were aware of public Wi-Fi security risks, 89 percent ignored them and connected anyway. Can companies prevent this kind of careless connection, or do wireless wants outweigh common sense?

Convenience Trumps Public Wi-Fi Security

A recent ZDNet article offered a clever reprise of Maslow’s Hierarchy of Needs. Under the broadest part of the pyramid — the one reserved for essentials like food and shelter — there’s another, bigger section simply labeled Wi-Fi.

It’s funny, sad and, in many cases, absolutely accurate. Digitally empowered users are instantly frustrated when a free Wi-Fi connection isn’t available. According to the new Xirrus study, almost half of all business users connect to public Wi-Fi at least three times per week, while 31 percent log on every day.

Despite an awareness of common public Wi-Fi security risks, such as the possibility of dummy networks designed to steal information and a lack of encryption, 83 percent are willing to access both their personal and corporate email via free connections.

Additionally, 68 percent of respondents use social media accounts while connected and over half watch videos. Even more worrisome, 43 percent leverage insecure public Wi-Fi to work or access credit card data. The bottom line is that speed and simplicity override security, even with increasing knowledge of potential consequences.

Combined with a total lack of encryption, it’s easy to see why public offerings simply aren’t viable options for business users. Staff members not only run the risk of malware, Trojan or ransomware infections, but any password or login credentials they enter are transmitted in cleartext, making them ideal targets for cybercriminals. Businesses also face the proliferation of legitimate-looking networks set up by cybercriminals to steal information.

Public Wi-Fi Alternatives

So how do companies reduce their risk? First, it’s essential to understand the mindset of typical users. They don’t want anything standing the way of convenience and access. When IT departments advise them to avoid public Wi-Fi — and therefore lose easy access to email accounts or document-sharing services — they tend to simply dismiss the warnings as too restrictive.

Instead, tech departments should provide alternatives. One option is to use virtual private networks (VPNs), which still allow access to public Wi-Fi but route all traffic through a secure tunnel.

It’s worth noting that these services aren’t perfect. Look for offerings that provide domain name system (DNS) leak protection or leverage their own DNS servers to avoid the problem of redirection to lookalike websites using malicious DNS.

As noted by Small Business Computing, personal hot spots are another option. Using their smartphones, employees can create private hot spots, which are faster than most public connections and offer an isolated, secure network. To encourage hot spot use, companies should make sure employees are trained in connection setup and have data plans that support regular use.

Everyone wants Wi-Fi — secure or not — and business users are no exception. Despite the risks, they’re willing to connect if it means they can get work done, watch videos and check emails. Laying down the law won’t correct this connection issue. The better bet is to provide simple alternatives to satisfy the need for Wi-Fi without compromising security.

More from

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker…

Operational Technology: The evolving threats that might shift regulatory policy

Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. Attacks on Operational Technology (OT) and Industrial Control Systems (ICS) grabbed the headlines more often in 2022 — a direct result of Russia’s invasion of Ukraine sparking a growing willingness on behalf of criminals to target the ICS of critical infrastructure. Conversations about what could happen if these kinds of systems were compromised were once relegated to “what ifs” and disaster movie scripts. But those days are…

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…