Public Wi-Fi Security Risks Well-Known, Yet Completely Ignored by Business Users
Business users expect Wi-Fi — not just at work but everywhere, from coffee shops to airports, restaurants, train stations and schools. In many cases, telecommunications providers and property owners are happy to oblige by spinning up completely insecure connections.
As noted by Help Net Security, that doesn’t stop executives and IT professionals from jumping online. A recent Xirrus survey, “Rolling the Dice With Public Wi-Fi,” found that while 91 percent were aware of public Wi-Fi security risks, 89 percent ignored them and connected anyway. Can companies prevent this kind of careless connection, or do wireless wants outweigh common sense?
Convenience Trumps Public Wi-Fi Security
A recent ZDNet article offered a clever reprise of Maslow’s Hierarchy of Needs. Under the broadest part of the pyramid — the one reserved for essentials like food and shelter — there’s another, bigger section simply labeled Wi-Fi.
It’s funny, sad and, in many cases, absolutely accurate. Digitally empowered users are instantly frustrated when a free Wi-Fi connection isn’t available. According to the new Xirrus study, almost half of all business users connect to public Wi-Fi at least three times per week, while 31 percent log on every day.
Despite an awareness of common public Wi-Fi security risks, such as the possibility of dummy networks designed to steal information and a lack of encryption, 83 percent are willing to access both their personal and corporate email via free connections.
Additionally, 68 percent of respondents use social media accounts while connected and over half watch videos. Even more worrisome, 43 percent leverage insecure public Wi-Fi to work or access credit card data. The bottom line is that speed and simplicity override security, even with increasing knowledge of potential consequences.
Combined with a total lack of encryption, it’s easy to see why public offerings simply aren’t viable options for business users. Staff members not only run the risk of malware, Trojan or ransomware infections, but any password or login credentials they enter are transmitted in cleartext, making them ideal targets for cybercriminals. Businesses also face the proliferation of legitimate-looking networks set up by cybercriminals to steal information.
Public Wi-Fi Alternatives
So how do companies reduce their risk? First, it’s essential to understand the mindset of typical users. They don’t want anything standing the way of convenience and access. When IT departments advise them to avoid public Wi-Fi — and therefore lose easy access to email accounts or document-sharing services — they tend to simply dismiss the warnings as too restrictive.
Instead, tech departments should provide alternatives. One option is to use virtual private networks (VPNs), which still allow access to public Wi-Fi but route all traffic through a secure tunnel.
It’s worth noting that these services aren’t perfect. Look for offerings that provide domain name system (DNS) leak protection or leverage their own DNS servers to avoid the problem of redirection to lookalike websites using malicious DNS.
As noted by Small Business Computing, personal hot spots are another option. Using their smartphones, employees can create private hot spots, which are faster than most public connections and offer an isolated, secure network. To encourage hot spot use, companies should make sure employees are trained in connection setup and have data plans that support regular use.
Everyone wants Wi-Fi — secure or not — and business users are no exception. Despite the risks, they’re willing to connect if it means they can get work done, watch videos and check emails. Laying down the law won’t correct this connection issue. The better bet is to provide simple alternatives to satisfy the need for Wi-Fi without compromising security.