Common sense goes a long way in making sure cybercriminals in the coffee shop don’t find a way to tap into your enterprise systems.
Just about every business has end users working on the road, visiting with customers and vendors, or traveling to remote offices. You need them to stay connected whenever possible so they can collaborate, access information, and do the things that keep your business running.
That means they’re likely jumping on open and often unsecured wireless networks whenever they can—in building lobbies, airports and coffee shops. But guess who else might be lurking on those very same networks...
Cybercriminals hang out where mobile users do, hoping to hijack their connections. They might be after personal information such as credit card numbers or PII, but they might also come across some of your sensitive digital assets.
Mobile users typically log onto WiFi hotspots without considering what they can do to protect their private information and the information belonging to their employers. That’s a big risk because cybercriminals can tap into usernames and passwords—sometimes without having to decrypt network traffic.
If they do breach one of your mobile users’ devices, they can exploit the open connection to carry out man-in-the-middle attacks, upload malware, and steal information—perhaps from your corporate network. Sophisticated cybercriminals may even set up rogue access points, tricking your mobile users into thinking they are logging onto a legitimate WiFi network. Any data users transmit on such a network is automatically saved to the cybercriminal’s computer.
If it’s a salesperson checking into your CRM platform, your whole customer list might be headed out the door!
Tips to Stay Safe
Below are several tips¹ to help your end users stay safe on public WiFi networks to keep their information as well as yours protected. Some of the advice can only be followed by the end users, meaning you’ll need to educate them. But there are a couple of proactive measures your IT team can take as well. It helps if your business utilizes a mobile device management platform that allows IT to automatically upload software to mobile devices and forces end users to adhere to your security policies.
- Use WiFi That Requires a Password: Although WiFi networks requiring passwords can still be hacked, they provide a level of protection beyond wide open networks that do not require any password at all. This may require some advance scouting so employees can be informed of which coffee shops, restaurants, hotels and areas of the airport require passwords. The harder it is to get the password, the better. For example, if end users can only get the password on a receipt, that’s more likely to deter a cybercriminal than a password posted out in the open.
- Turn File Sharing Off: Most devices have file-sharing options that assume you’re on a trusted network with other trusted computers. Request that end users turn off file sharing and enable their built-in firewalls. They should also keep Internet-connected apps and services to a minimum. Users can automate these settings so that their device is open when on a trusted wireless network, but will automatically switch to a more secure set-up when they’re not.
- Turn WiFi Off When Not In Use: There’s no need to have WiFi on unless accessing an online service or downloading email. You can also train end users to download local copies of email and documents and then work with those offline. They can then go back online when they’re ready to send something back.
- Keep Anti-virus, Anti-malware and Patches Current: New forms of sophisticated attacks are emerging all the time. Without regular updates to anti-virus and anti-malware software and regular application patches, devices are more vulnerable. Ideally, set up a process to automatically upload updates to devices when first available (via a mobile device management platform). Leaving it up to your end users is too risky.
- Install Privacy-Protecting Browser Extensions: End users have a habit of clicking on ads that can do real harm to their devices and may, in turn, make it possible to breach the corporate network. An ad blocker can protect end users from hijacking and clickjacking.
- Look for HTTPS: Rather than using HTTP sites, have end users look for HTTPS sites. Many companies offer both, and add-on tools are available that automatically fail mobile devices over to the HTTPS site. HTTPS is not guaranteed to keep users secure, but information that goes back and forth is at least encrypted.
- Use a VPN: The connection might be slower, but the best protection from an open WiFi network is encrypted access to your corporate network via a VPN. Whether you use a third-party provider or create your own, using a VPN makes sure all of your data is encrypted and locks out unauthorized users.
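One way to automate the switch described in the file-sharing tip, shown here as an added example that is not part of the original article. It assumes Windows 10/11 laptops and an elevated PowerShell session; the network names are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumption: Windows 10/11 with the built-in NetSecurity and
# NetConnection modules. The names below are constructed placeholders; a network
# name can be imitated by a rogue access point, so keep this list short and
# still require the VPN on every network.
$TrustedNetworks = @('CorpWiFi-Example', 'HomeOffice-Example')

# Posture for every untrusted network: firewall on, all inbound traffic blocked,
# including traffic that file-sharing or discovery allow rules would permit.
Set-NetFirewallProfile -Profile Public -Enabled True `
    -DefaultInboundAction Block -AllowInboundRules False

foreach ($net in Get-NetConnectionProfile) {
    # Domain networks are classified by Windows itself and cannot be set here.
    if ($net.NetworkCategory -eq 'DomainAuthenticated') { continue }

    # Anything not explicitly trusted is treated as a public hotspot.
    $target = if ($TrustedNetworks -contains $net.Name) { 'Private' } else { 'Public' }

    if ($net.NetworkCategory -ne $target) {
        Set-NetConnectionProfile -InterfaceIndex $net.InterfaceIndex `
            -NetworkCategory $target
    }
    '{0} on {1}: {2}' -f $net.Name, $net.InterfaceAlias, $target
}

# Report the resulting posture so a helpdesk or management script can log it.
Get-NetFirewallProfile -Profile Public, Private |
    Select-Object Name, Enabled, DefaultInboundAction, AllowInboundRules
```

File sharing keeps working on the listed networks because only the Public firewall profile is locked down; every other network falls into that profile by default.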
Practice Common Sense
Beyond the tips above and add-on tools that protect mobile devices from cybercriminals, the best advice we can offer is to coach your end users to use their common sense. Implore them to avoid working with sensitive data at all times when using unsecured, public WiFi.
It may be a good time to check blogs or competitor websites, but it’s probably not the best time to log in to the company ERP and CRM systems. Even with email, end users need to be careful. Attachments could contain sensitive information such as a sales proposal.
Mobile device security and end-user common sense need to be turned on 24x7—it only takes a click or two for a cybercriminal to steal information.
¹ Excerpt adapted from “Top 10 Ways to Stay Safe On Public WiFi Networks,” Lifehacker, 2/04/17.