Wi-Fi has enabled the mass adoption, use and innovation of connected devices. We have come to expect ubiquitous Wi-Fi wherever we go: coffee shops, hotels and airports all offer public access Wi-Fi networks. Even the London Underground is meeting the connectivity demands of our ‘always connected’ society. Our modern, nomadic workforces rely on internet connectivity to operate remotely, however the majority of public Wi-Fi connections remain unencrypted and incapable of protecting user data. Anyone with malicious intent can use these unencrypted networks to access information ranging from confidential company data to financial transactions. Attacks are increasingly compromising email accounts, passwords and other personal information.
Public Wi-Fi networks often present security issues based on how they are used. Whilst network administrators hold a certain amount of responsibility, poor security practices by users are also to blame. Every user on public Wi-Fi uses the same encryption key, which opens their personal device up to intrusion. In an ideal situation each user would have a unique encryption key, but this makes networks complex and more difficult to manage.
Many users of public Wi-Fi networks are aware of the security risks. Perhaps surprisingly though, many continue to use public networks for business despite these concerns. A recent Xirrus report found that 91 percent of Wi-Fi users do not believe public Wi-Fi is secure, yet 89 percent of Wi-Fi users choose to use it anyway. 48 percent of Wi-Fi users connect to public Wi-Fi at least three times per week and 31 percent connect every day. This indicates that the need to connect to the internet supersedes any potential security implications.
It is therefore crucial for people connecting to public Wi-Fi networks to ensure the safety of their personal and business data. There are a number of precautions users can take to help. Here are six best practice steps business users can take to secure their personal information when connecting to public Wi-Fi networks:
- Use a Virtual Private Network (VPN)
A VPN establishes an encrypted pathway, allowing the user to securely access company information without exposing it to the rest of the network. A VPN requires a dedicated program on each device to encrypt a connection from end-to-end. While this can be time-consuming, it is one of the most effective methods of increasing personal security while using a public network.
- Use two-factor authentication
Two-factor authentication provides a two-step process to identify a genuine user logging into an account. It combines components from the system with a knowledge factor provided by the user. This could be a code sent to a verified mobile phone number or email address. These extra steps are often enough to block malicious users from the system, as cracking a password alone will not be enough to access the account.
- Remember to forget
Once a device has joined a public network, it will automatically connect to that network whenever it is in range, even if the user is not using it. To prevent this, users should turn off any network discovery options or get into the habit of deleting the network’s SSID profile after they use it.
- Verify the network
Before going online users should verify that the network is the provider’s official system, rather than assuming the strongest signal is coming from the trusted network. Asking for the correct SSID prevents man-in-the-middle attacks.
- Avoid logging in
When using public Wi-Fi, users should avoid using websites that require login credentials. This may, however, be unavoidable, and in these situations it is best to use websites supporting the HTTPS protocol. This encrypts communications between the website and browser.
- Train your staff
46 percent of Wi-Fi users say their company has not offered cyber security training in the past year. Businesses need to both provide training opportunities and encourage a security culture within their organisation. Giving employees the necessary tools to avoid attack will minimise the security risks of using public Wi-Fi.
With more devices relying on wireless technology and more business users turning to public Wi-Fi networks to work on the go, risks to business data will only continue to increase. Following security best practices allows users to take their personal Wi-Fi network with them, enabling secure access to business and customer data whilst still offering the convenience of public Wi-Fi networks.
[su_box title=”About Dirk Gates” style=”noise” box_color=”#336588″][short_info id=’68717′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.