Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

How to avoid WiFi hot spot dangers

Protect users with strong authentication, VPN connection and automatic encryption

Article comments

Security experts say that employees are increasingly exposing personal and professional information unknowingly as they log in at WiFi hot spots. Although these breaches haven't yet made big headlines, given corporate America's increasing reliance on smartphones, laptops and other portable devices, it's only a matter of time, experts say.

Ryan Crumb, director of information security for PricewaterhouseCoopers Advisory Services, has seen all sorts of information gleaned from hot spots - including Social Security numbers, corporate financial data and information about M&A deals - that was never meant for him to see. Sometimes Crumb deliberately looks to see what unprotected data is travelling over the network in public spaces.

"It's an inherent problem with being on a public space," he says.

Steps IT can take to protect data from hot-spot dangers

  • Establish and enforce strong authentication policies for devices trying to access corporate networks.
  • Require employees to use a corporate VPN (virtual private network) and encryption when making a connection and exchanging data; better still, set up employee computers so that devices automatically connect to the VPN and encrypt data after making sure the computer or device hasn't been lost or stolen.
  • Make sure all devices and software applications are configured properly and have the latest patches.
  • Ensure that corporate security policies prevent workers from transferring sensitive data to mobile devices or unauthorised computers.
  • Use air cards, which require a service plan, instead of hot spots for wireless connections.

Crumb, who works with clients to find and fix security weaknesses, says it's not hard to find such data, as it's often heading in and out of hot spots via e-mail.

"Hot spots are great for the coffee shops, but people conducting business have to understand it's their responsibility to protect themselves. They might as well be putting it on a billboard and run down the street," says CISSP Marc Noble, director of government affairs at (ISC)2, a non-profit organisation that educates and certifies information security professionals.

Most employees 'uninformed'

While many techies are aware of the risks of these so-called black holes and what it takes to minimise them, security leaders say the average worker isn't as well informed, leaving valuable data vulnerable.

"It's a hard challenge to fix, because users want to be mobile. They want to use any device to get to their spreadsheets or their presentations at these hot spots," Crumb says. "But all it takes is one vulnerable laptop to tarnish a whole company. All it takes is one misconfigured machine."

Crumb, like others, says it's not any particular computing device that presents the problem. Rather, he says, it's a combination of factors that makes hot spots problematic for data protection.

One problem is the hot spot itself, and Crumb says it's not just the wireless ones but even wired Internet connections that can be danger zones.

"The danger is the public access point. The risk is being on someone's network that you don't control," he explains. "When you're on a public network, it's like being on the Internet without being protected. You don't know who your neighbour is."

Unencrypted information going over these public networks can be seen by those who know how to look, Crumb says. Moreover, he says, laptops, smartphones and PDAs can talk to one another at these hot spots, even when users aren't necessarily looking to do so.

"Anytime you share your network with someone else, your machines can share with each other, then you have this risk of being able to intercept anybody's information," Crumb says.


Share:

More from Techworld

More relevant IT news

Comments




Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *