Remote workers using public Wi-Fi introduce cyber-security risks that can be exploited.
Each day, remote workers are opening up their laptops in cafes, pubs and other unsecured public Wi-Fi services to access their company network and resources. These workers are part of what's being called the "remote working revolution".
Technology is at the centre of this non-traditional working revolution thanks to communication applications like Skype and Slack. Unfortunately, these flexible working habits present a big cyber security risk, which companies and employees often overlook.
The problem is that when workers head to their favourite café or pub and log into the convenient Wi-Fi that doesn't require a password, they are placing a huge amount of trust in the hotspot's owner and hoping that there aren't any would-be scammers sitting inside or outside, broadcasting the same SSID, for example.
Newer routers are more secure, but rely on their owners to keep the hardware updated. The bigger threat is from fraudsters, who can eavesdrop on unencrypted activity using simple software, or even create fake wireless hotspots that mimic legitimate ones by naming their network after the café or reusing its SSID to make it look authentic.
Once hackers have done this, it's simple to intercept unencrypted data, wait for you to open unsecured sites, or even create phony versions of real sites in order to steal your private data. This in turn has created a huge cyber-security risk for small businesses and companies adopting more flexible attitudes to where their staff work.
Most employees use email programs like Outlook or Gmail. While Gmail offers some protection due to its two-factor authentication and is introducing access controls to non-secured websites, it wouldn't take much for a scammer on an unencrypted network to mimic a web-based email client, and then scrape a user's details when they try to log in.
Once that's done, hackers can log into accounts, and scan through reams of emails in order to dig out juicy company details such as payslips, invoice details, and personal data. Before you know it, scammers have access to the internal mechanisms of your company.
Businesses can protect themselves from attacks by making staff aware that company policy restricts Wi-Fi use to mobile phone hotspots. Keep firewalls, antivirus and anti-malware software on staff computers up to date so that there aren't any chinks in the company's armour, and regularly install software updates, as they typically contain security patches.
Finally, use VPN technology with 2-factor authentication. Any service that supports 2-factor authentication is not to be ignored, and I recommend you use it, however annoying. For example, if using Outlook 365, activate the 2-factor authentication for this service. 2-factor authentication is not insurmountable, but it helps protect at the basic level.
I understand the benefits of small companies encouraging staff to work remotely. It reduces office costs and supports flexibility. However, companies need to steer users towards security and company policy, which should address the use of public Wi-Fi as not being permitted.
Remain diligent. Not all coffee drinkers are in the café to enjoy the coffee. There are much more enjoyable things presented over free Wi-Fi to the "cyber-enemy".
MIET, MBCS, Security & GDPR Specialist