October 20, 2016 By Douglas Bonderud 2 min read

Business users expect Wi-Fi — not just at work but everywhere, from coffee shops to airports, restaurants, train stations and schools. In many cases, telecommunications providers and property owners are happy to oblige by spinning up completely insecure connections.

As noted by Help Net Security, that doesn’t stop executives and IT professionals from jumping online. A recent Xirrus survey, “Rolling the Dice With Public Wi-Fi,” found that while 91 percent were aware of public Wi-Fi security risks, 89 percent ignored them and connected anyway. Can companies prevent this kind of careless connection, or do wireless wants outweigh common sense?

Convenience Trumps Public Wi-Fi Security

A recent ZDNet article offered a clever reprise of Maslow’s Hierarchy of Needs. Under the broadest part of the pyramid — the one reserved for essentials like food and shelter — there’s another, bigger section simply labeled Wi-Fi.

It’s funny, sad and, in many cases, absolutely accurate. Digitally empowered users are instantly frustrated when a free Wi-Fi connection isn’t available. According to the new Xirrus study, almost half of all business users connect to public Wi-Fi at least three times per week, while 31 percent log on every day.

Despite an awareness of common public Wi-Fi security risks, such as the possibility of dummy networks designed to steal information and a lack of encryption, 83 percent are willing to access both their personal and corporate email via free connections.

Additionally, 68 percent of respondents use social media accounts while connected and over half watch videos. Even more worrisome, 43 percent leverage insecure public Wi-Fi to work or access credit card data. The bottom line is that speed and simplicity override security, even with increasing knowledge of potential consequences.

Combined with a total lack of encryption, it’s easy to see why public offerings simply aren’t viable options for business users. Staff members not only run the risk of malware, Trojan or ransomware infections, but any password or login credentials they enter are transmitted in cleartext, making them ideal targets for cybercriminals. Businesses also face the proliferation of legitimate-looking networks set up by cybercriminals to steal information.

Public Wi-Fi Alternatives

So how do companies reduce their risk? First, it’s essential to understand the mindset of typical users. They don’t want anything standing the way of convenience and access. When IT departments advise them to avoid public Wi-Fi — and therefore lose easy access to email accounts or document-sharing services — they tend to simply dismiss the warnings as too restrictive.

Instead, tech departments should provide alternatives. One option is to use virtual private networks (VPNs), which still allow access to public Wi-Fi but route all traffic through a secure tunnel.

It’s worth noting that these services aren’t perfect. Look for offerings that provide domain name system (DNS) leak protection or leverage their own DNS servers to avoid the problem of redirection to lookalike websites using malicious DNS.

As noted by Small Business Computing, personal hot spots are another option. Using their smartphones, employees can create private hot spots, which are faster than most public connections and offer an isolated, secure network. To encourage hot spot use, companies should make sure employees are trained in connection setup and have data plans that support regular use.

Everyone wants Wi-Fi — secure or not — and business users are no exception. Despite the risks, they’re willing to connect if it means they can get work done, watch videos and check emails. Laying down the law won’t correct this connection issue. The better bet is to provide simple alternatives to satisfy the need for Wi-Fi without compromising security.

More from

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Cybersecurity Awareness Month: 5 new AI skills cyber pros need

4 min read - The rapid integration of artificial intelligence (AI) across industries, including cybersecurity, has sparked a sense of urgency among professionals. As organizations increasingly adopt AI tools to bolster security defenses, cyber professionals now face a pivotal question: What new skills do I need to stay relevant?October is Cybersecurity Awareness Month, which makes it the perfect time to address this pressing issue. With AI transforming threat detection, prevention and response, what better moment to explore the essential skills professionals might require?Whether you're…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today