How remote work on public wi-fi is putting your business at risk


Date: 14 October 2021

The free wi-fi trap

Ransomware attacks are one of the biggest threats to your company's data and commercial information. In fact, according to Lindy Cameron, chief executive of the National Cyber Security Centre, ransomware is now the biggest online threat to people and businesses in the UK.

Ransomware attacks happen when criminals get access to a company's system, encrypt the data and then demand a payment to release the information. Often, they'll include a deadline for payment and threaten to delete the data if the ransom isn't paid in time. And these attacks are becoming more professionalised. Not as a result of state sponsored attacks. But from cyber gangs operating as a larger network to target millions of small businesses at a time, or target larger multinational corporations.

And while some of these attacks come as the result of sophisticated hacking techniques, often they're as simple as using a lack of data security awareness to gain access to networks through a single employee device. One of the most common routes into a company's network is when an employee uses public wi-fi to access company systems or send information via email over a public network.

The reason these attacks are so simple, is because public wi-fi isn't secure. Most of the time you don't need a login or password to use them. And in public places like coffee shops, which now regularly offer free wi-fi, the password is displayed for everyone to see.

Is remote working putting more networks at risk?

One of the reasons these attacks should be taken more serious, is because of the rise in remote working in the last 18 months, and the fact it's likely to continue for many businesses long into the future. This creates more situations when employees might use public wi-fi for work.

There are a number of ways that cyber criminals can exploit public wi-fi to get access to your network and sensitive information.

Most common cyber threats on public wi-fi

One of the most common types of attacks is from rogue wi-fi networks. These are networks created by hackers to resemble a legitimate wi-fi network in the hope people will just use them.

They'll often start with the word FREE to gain attention and will often be named to appear like a real network, with a slight change in spelling.

If an employee clicks onto this network, hackers will be able to monitor all their activity while they're connected to it and get access to any data and information they access.

Another common attack is a 'man in the middle' attack. This is when criminals put themselves between your employee's device and the wi-fi network they're connected to. These attacks aren't limited to public wi-fi but they are easier because of the lack of security or encryption. Once a hacker is between the wi-fi network and the devices connected to it, they can intercept any information passed over it.

And hackers aren't limited to attacking one device at a time. They're able to simultaneously attack every device connected to an unsecure wi-fi network by sending out malware. This then infects the devices and can cause massive data corruption.

One of the easiest attacks for hackers is what's called a snoop attack. A criminal simply uses the wi-fi signal to piggyback onto your employee's device, where the hacker can sit in the background and monitor the activity on the device.

Employees making themselves discoverable to hackers

In fact, employees don't always need to have accessed public wi-fi to become vulnerable to an attack. Usually if they're scanning for an available network they'll put their wi-fi settings on their business phone or laptop to 'discover new networks'.

But this also makes their device discoverable to other people - including hackers. If the hacker is able to detect that employee's device, they'll potentially be able to get access to it.

How to protect your business phones and company data from attacks

While the risks to your company data on public wi-fi are real, there are a number of things you can do to decrease those risks and safeguard your data.

A simple one is to create a policy for all employees stating they shouldn't use public wi-fi when accessing or sending company information.

Another option is to invest in business mobile phones with suitable data plans so employees can create their own personal wi-fi hotspots when they're working away from the office or their home network. These hotspots create a single, protected connection that can help keep hackers away from your company data.

You should also consider investing in the latest business smartphones and ensure all security updates are kept up to date.

As threats to data become more sophisticated, the security software installed on devices is also always adapting to keep up with them.

As well as keeping your basic phone security up to date, you could invest in additional security software and data encryption, or use a Virtual Private Network (VPN) for your employees to use when accessing or sending data when out of the office.

Invest in the right equipment and training

For your business' data to be secure, you'll to need to invest in the latest hardware with built in security features, dedicated security software and training so that employees have an up-to-date understanding of cyber threats. Many of the attacks that happen over public wi-fi occur simply because employees don't know the threats exist.

In summary

Businesses have to rethink how they can keep their business data safe as we move forward into the new world of remote working.

Copyright 2021. Article was made possible by site supporter Gary Scouller of Communications Plus.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.