October 20, 2016 By Douglas Bonderud 2 min read

Business users expect Wi-Fi — not just at work but everywhere, from coffee shops to airports, restaurants, train stations and schools. In many cases, telecommunications providers and property owners are happy to oblige by spinning up completely insecure connections.

As noted by Help Net Security, that doesn’t stop executives and IT professionals from jumping online. A recent Xirrus survey, “Rolling the Dice With Public Wi-Fi,” found that while 91 percent were aware of public Wi-Fi security risks, 89 percent ignored them and connected anyway. Can companies prevent this kind of careless connection, or do wireless wants outweigh common sense?

Convenience Trumps Public Wi-Fi Security

A recent ZDNet article offered a clever reprise of Maslow’s Hierarchy of Needs. Under the broadest part of the pyramid — the one reserved for essentials like food and shelter — there’s another, bigger section simply labeled Wi-Fi.

It’s funny, sad and, in many cases, absolutely accurate. Digitally empowered users are instantly frustrated when a free Wi-Fi connection isn’t available. According to the new Xirrus study, almost half of all business users connect to public Wi-Fi at least three times per week, while 31 percent log on every day.

Despite an awareness of common public Wi-Fi security risks, such as the possibility of dummy networks designed to steal information and a lack of encryption, 83 percent are willing to access both their personal and corporate email via free connections.

Additionally, 68 percent of respondents use social media accounts while connected and over half watch videos. Even more worrisome, 43 percent leverage insecure public Wi-Fi to work or access credit card data. The bottom line is that speed and simplicity override security, even with increasing knowledge of potential consequences.

Combined with a total lack of encryption, it’s easy to see why public offerings simply aren’t viable options for business users. Staff members not only run the risk of malware, Trojan or ransomware infections, but any password or login credentials they enter are transmitted in cleartext, making them ideal targets for cybercriminals. Businesses also face the proliferation of legitimate-looking networks set up by cybercriminals to steal information.

Public Wi-Fi Alternatives

So how do companies reduce their risk? First, it’s essential to understand the mindset of typical users. They don’t want anything standing the way of convenience and access. When IT departments advise them to avoid public Wi-Fi — and therefore lose easy access to email accounts or document-sharing services — they tend to simply dismiss the warnings as too restrictive.

Instead, tech departments should provide alternatives. One option is to use virtual private networks (VPNs), which still allow access to public Wi-Fi but route all traffic through a secure tunnel.

It’s worth noting that these services aren’t perfect. Look for offerings that provide domain name system (DNS) leak protection or leverage their own DNS servers to avoid the problem of redirection to lookalike websites using malicious DNS.

As noted by Small Business Computing, personal hot spots are another option. Using their smartphones, employees can create private hot spots, which are faster than most public connections and offer an isolated, secure network. To encourage hot spot use, companies should make sure employees are trained in connection setup and have data plans that support regular use.

Everyone wants Wi-Fi — secure or not — and business users are no exception. Despite the risks, they’re willing to connect if it means they can get work done, watch videos and check emails. Laying down the law won’t correct this connection issue. The better bet is to provide simple alternatives to satisfy the need for Wi-Fi without compromising security.

More from

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

X-Force data reveals top spam trends, campaigns and senior superlatives in 2023

10 min read - The 2024 IBM X-Force Threat Intelligence Index revealed attackers continued to pivot to evade detection to deliver their malware in 2023. The good news? Security improvements, such as Microsoft blocking macro execution by default starting in 2022 and OneNote embedded files with potentially dangerous extensions by mid-2023, have changed the threat landscape for the better. Improved endpoint detection also likely forced attackers to shift away from other techniques prominent in 2022, such as using disk image files (e.g. ISO) and…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today