Great guest post from the guys at Corrata, who offer organisations control over employees’ use of mobile to tackle the explosive growth in mobile data costs and security threats.
How to make sure your staff’s summer browsing doesn’t ruin your business
The three things you need to be aware of, to keep you, your staff, and your company safe.
- Your staff are going to use free wifi hots spots when they are on holiday.
- Advising them to use encrypted and/or brand name access points is a false comfort because even these can be compromised.
- Given the above, there are three things you can do: encrypt, educate them to use the cellular network for business purposes when travelling and to understand the difference between trusted and untrusted networks.
It’s the time of year when everyone’s heading off for a well-deserved break at their favourite holiday hotspot. And while they may be away from the office, it is a rare employee these days that doesn’t take their main communication device away with them. This could be their smartphone, tablet, watch or anything else they can use to go online. This, as we all know will lead your staff to seek out the most convenient high-speed access they can find. Inevitably this means using free public Wi-Fi at airports, tourist information centres, cafes, bars and lots of other places.
How should you protect your company data in these circumstances? Is it enough to advise your employees to always use password protected Wi-Fi hotspots provided by reputable brands? Unfortunately, it is much more complicated than that. In this blog post, we’ll explain why and make some suggestions about practical steps you can take to reduce the risk from ‘vacation time Wi-Fi’.
The danger of public WiFi
It’s is important to understand that even if you are using a public Wi-Fi connection which is password protected your online activities are still vulnerable. If the network is public then hackers can access the network too. It is always better to assume any public Wi-Fi network is a high-risk place to go online and that your traffic will be exposed to sniffing (i.e. potentially monitored by unauthorised third parties who you don’t want to see your data). Strong Wi-Fi encryption (such as WPA2) helps but there are plenty of other vulnerabilities that can still be exploited by hackers. The reason for this is that public Wi-Fi at hotels, coffee shops and other places are often administered by staff without a strong technical IT experience or security knowledge. Systems can easily be misconfigured, lack the latest security patches and will often use domestic rather than the latest enterprise grade equipment. Access points are rarely in physically secure locations which makes it trivial for an attacker to compromise the device with malicious software. Public Wi-Fi networks are rarely monitored for threats or suspicious activity. Free Wi-Fi provided in public outlets is an ‘add-on’ service, run by people whose main objective is to have a sign saying ‘free Wi-Fi’ to draw business and but with little concern about the security of your data!
Rogue or fake access points are another source of attacks to your data when you are browsing online. It is easy to quickly setup a laptop as an access point in a hotel lobby and then ‘entice’ devices to connect. Once traffic is captured in this way there are multiple techniques for stealing data, even data that is encrypted.
— Corrata (@Corrata_co) August 13, 2017
What can you do to mitigate risk for your organisation?
Three easy steps to make your company and staff’s data more secure:
Make sure all corporate apps use encrypted communications. A hastily launched or upgraded app developed internally or by a third party on behalf of your company may not use encryption at all times. You can use a product like Corrata to monitor unencrypted communications from wireless devices. This will help to identify potential security issues.
Use cellular data whenever possible for work related communications. The big advantage of cellular radio networks over Wi-Fi is that all traffic over the radio interface is encrypted. In addition, it is very difficult to fool a device into connecting to rogue infrastructure. While in the past roaming data cost and network speed would have been a concern, however, this is less of an issue now as costs have fallen and 3G or 4G is readily available. Typically business use is relatively low bandwidth, particularly when compared to nonbusiness use like video streaming for social media and entertainment apps.3. Alert users to the distinction between trusted and untrusted wireless networks.
Use trusted networks. This includes the corporate WLAN, the cellular network and, generally, staff’s home Wi-Fi. Everything else should be considered as untrusted and not suitable for business use. Employees need to be aware that their privacy and security, and that of their employer, are compromised when they use these networks outside the safe zone.
Encryption remains the bedrock of keeping your data secure but the second line of defense is using networks whose integrity you can rely on.