From bars and cafes to restaurants and retail outlets, there is no shortage of public Wi-Fi networks today. People don’t just want to be online anymore, they need to be online. Businesses are capitalizing on this need by offering free internet to attract and retain customers.
…The only truly effective solution is to enforce a company-wide policy of always avoiding public WiFis and using mobile data only. With the widespread availability of 4G networks, speed and reliability are no longer limiting factors…
In fact, with the recent rise in remote work positions, more people are choosing to work from their favorite establishments than ever. As far as free Wi-Fi is concerned, they’re taking full advantage of the offer.
Unfortunately, remote workers are not the only ones attracted to these password-less networks. Public Wi-Fi hotspots are a dream come true for hackers because not only are they an easy target, but they also allow them access to hundreds of devices connecting to that network daily.
Here are just a few of the many ways someone might use a public Wi-Fi network to compromise your sensitive data:
1. Man-in-the-Middle Attack
As the name implies, an attacker may find some vulnerability in the network to position themselves between your device and the router.
This is usually achieved by sniffing and manipulating data packets being transmitted on the network. So when the user logs in to a website, the attacker may intercept that communication, extract critical data, and then forward the request to the original target.
In this way, the user never notices anything out of the ordinary as everything loads just fine on their screen.
2. Distributing Malware
Many devices come with network file-sharing options turned on by default. This makes public Wi-Fi users an easy target, as the attackers can use the built-in options to freely distribute malware and overtake the entire system.
3. Fake Networks
Some attackers take the easy route of creating their own fake networks. This is sometimes achieved by setting up a hotspot titled “Free WiFi” in some public space and then hoping for unsuspecting victims to take the bait.
However, a lot of people don’t trust random password-less hotspots. So some attackers use evil twins instead. What that means is they create a hotspot with the exact same name as the one offered by a trusted business. But they overpower it by using a stronger signal and actively kicking users off the genuine network.
In either case, users connect to a network that is operated by the attacker, making the theft of sensitive data that much easier.
Trying to Secure Public WiFi Usage Is Not the Solution
Many organizations try to mitigate the risk of public WiFi networks by installing a state-of-the-art firewall solution and forcing employees to use company VPN at all times. Other policies include turning off networked file-sharing options and checking for that HTTPS padlock on the browser before entering any credentials.
Unfortunately, these measures are shortsighted. While each of those solutions adds a layer of safety, none of them are foolproof. They may deter some attackers, but anyone with the technical know-how and some dedication will find a way to break in.
The only truly effective solution is to enforce a company-wide policy of always avoiding public WiFis and using mobile data only. With the widespread availability of 4G networks, speed and reliability are no longer limiting factors.
Better yet, organizations can and should incentivize this move by offering a mobile data package to their employees. The small cost is more than worth the peace of mind that comes from knowing that your company and client data is safe from the perils of public WiFi networks.
Recently, I hosted a webinar along with Chief Security Fanatic Nick Espinoza that elaborated on the risks organizations face as well as measures that should be put in place. If you were not able to attend, check out the recording here. Keep in mind that we host webinars each quarter, so be sure to email us at firstname.lastname@example.org and let us know if you would like to be notified of our next event.
If you need assistance or have questions regarding your organization’s network security, do not hesitate to contact Optistar to speak with one of our Senior IT Consultants.