Imagine you’re sitting in a coffee shop, travelling by train, or waiting for a flight at the airport. You need to check your e-mails, reply to a colleague, or simply get some work done. What’s the most convenient way for you to get online? Public Wi-Fi, of course. However, that convenience does not look so great once you start considering the risks that come with public Wi-Fi networks. Now imagine that situation not only happens frequently to you, but to everyone who’s a part of your organisation.
That’s why, especially for businesses, remote and hybrid working models can be challenging when it comes to online security. With an increasing number of people (and employees) using public Wi-Fi connections on a daily basis, it’s more important than ever to fully understand the underlying threats and how to effectively protect data. The good news is: this article will provide the information and tips you need to protect your business.
What is public Wi-Fi?
Public Wi-Fi allows users to access the internet for free. These hotspots – as of 2022, over 500 million worldwide and growing are usually available in public places like restaurants, hotels, shopping malls, airports, libraries, schools and public transportation.
The lack of encryption behind this type of network makes it a fertile ground for hackers to access users’ personal information. Simply put, accessing a public Wi-Fi can be compared to putting personal things in an unlocked locker – anyone can open it, really, and go through your life.
In fact, this is not an uncommon thing to occur: in a study conducted by Forbes, 43% of respondents claim to have had their online security compromised while using public Wi-Fi connections, while the most common places for that to have happened were cafes/restaurants, airports and hotels.
The dangers for businesses
The COVID-19 pandemic has indisputably shaped the business world by normalising remote and hybrid working models. While this brings an incredible sense of freedom and flexibility, it also opens the doors to complex cybersecurity challenges.
When it comes to public Wi-Fi, Alter Solutions’ Chief Information Officer (CIO), Filipe Lopes, argues that “the risks and reasons not to use it can vary depending on the network you're connected to. In other words, all public wireless networks present risks and threats, and hide various dangers to the privacy and security of those who use them”.
According to Filipe, some of the most common risks are:
Hackers can easily infect a public network with malicious software, which will subsequently infect users’ devices, when file sharing is enabled, potentially leading to data theft or illegal monitoring. Filipe explains that we can either encounter “a more harmless type of malware, such as the continuous display of advertising (adware), but also a more hostile and damaging type, such as screeners (they record and send copies of what is being done on the device), keyloggers (they record and send what is being typed), or bankers (specialised in obtaining bank details)”.
Man-in-the-Middle (MITM) attacks
A very common public Wi-Fi attack, in which a hacker intercepts communication between a user’s device and another party (a website, for example). This way, the attacker can collect any data being transferred over the network – including business sensitive data. “Besides being simple to execute, this type of technique gives the attacker the most power, since our device is actually sending information directly to the hacker and not to the access point”, Filipe clarifies.
Through public Wi-Fi, hackers can easily expose users to fraudulent e-mails, messages or links that pose as legitimate sources to deceive them into providing sensitive information. Another consequence, Filipe adds, may be the unintentional “download and installation of malware”.
Data and credentials’ theft
Using any of the methods above, hackers can access confidential business information – like e-mails or documents – and use it or manipulate it as they wish. They can also intercept usernames and passwords, gaining unauthorised access to business accounts and platforms, which can cause a lot of damage. “These types of data are usually stored in Cloud services (iCloud, Google Drive, OneDrive, etc.), or in the device itself”, Filipe says.
If you walk into a restaurant called X and, in the Wi-Fi networks’ list, find something like “RestaurantX_FreeWiFi”, would you not access it? Well, that is one successful technique used by hackers: to create a fake Wi-Fi network in order to gain access to users’ devices and data.
How can businesses minimise public Wi-Fi risks?
In an ideal world, the simple answer would be: don’t connect to public Wi-Fi networks. But since it’s unrealistic for companies to prohibit the use of public Wi-Fi by their employees, especially because a relevant part of remote workers is required to be available at any time, the solution is to ride the wave in the most secure way possible.
Fortunately, there is plenty that can be done to protect both employees and businesses:
- Recommend disabling automatic connections
Advise employees to turn off devices’ settings that allow them to automatically connect to nearby Wi-Fi networks, even when they’re deep in their pockets or backpacks. Another thing anyone can do is “forget” a public Wi-Fi network after using it, making sure they won’t unintentionally connect to it again.
- Secure connections, always!
Advise your employees to always check with the business they’re making a Wi-Fi connection to the correct network name (thus avoiding accessing rogue networks). Then, only HTTPS websites, which are properly secure, should be accessed. Also, it’s important to let your employees know that even before making a connection the danger may already be there – this means they should be cautious if the public network asks for personal logins from an existing account (e.g.: Facebook or e-mail), or for the installation of an authentication device.
- Install robust security solutions
Having a firewall enabled at all times, as well as regularly updated anti-malware protection, are a must on all work computers and smartphones. This way, you’ll minimise the impact of web threats and be alerted if there is any suspicious activity in your devices or system.
- Advise turning off file sharing settings
When accessing a public Wi-Fi, all employees should disable file and folder sharing options (like OneDrive, Google Drive or AirDrop) in their devices, to make sure nobody else connected to same Wi-Fi network has access to work files.
- Encourage mobile hotspots
Instead of connecting to public Wi-Fi networks, employees should be informed to prioritise getting online by using their smartphone’s data. That is usually a more secure connection and password protected.
- Ensure a strong password policy
Require all users to create unique and strong passwords, made up of a combination of uppercase and lowercase letters, numbers, special characters, among others.
- Keep track of your vulnerabilities By regularly using auditing services like Pentesting, you make sure your IT infrastructure is healthy and identify potential vulnerable areas that need improvement.
- Raise employees’ awareness
Provide regular training to make sure everyone on your team – remote workers or not – are fully aware of the dangers of using public Wi-Fi and the measures they can take to prevent cyberattacks.
- Set up a Virtual Private Network (VPN)
This is a particularly important measure. **Thiago Juliani, Senior Security Advisor of act digital**, Alter Solutions’ parent company, explains why: “VPNs protect data transmitted over the Internet, making it inaccessible to third parties. This is vital for protecting confidential information and intellectual property. It also helps maintain users' online privacy by hiding their real IP address and preventing third parties from tracking their online activities.” Alter Solutions’ Filipe Lopes agrees: “The VPN is a very important factor in companies' information security today. Without effective control of access to information, companies risk having their information stolen and exposed, which may cause major financial and reputational impact.”
Security and infrastructure challenges to overcome
Both Thiago Juliani and Filipe Lopes agree that one of the biggest challenges to be considered when managing a business’s security infrastructure is the correct parameterisation of the VPN. Filipe believes that “if it isn't guaranteed that employees can access everything they need to carry out their work, then this measure can have a major negative impact on the day-to-day life of the employee and the company itself.”
Thiago Juliani goes a bit further and identifies the following related challenges:
“Accommodating several employees and devices in a VPN requires significant resources, such as bandwidth and servers”.
- Redundancy and availability
“Ensuring that the VPN is always available and resistant to failures is complex.”
- Key and certificate management
“Managing encryption keys and certificates on a large scale can be challenging.”
- Monitoring and auditing
“Monitoring VPN traffic and carrying out audits on a large infrastructure is complex.”
Even if businesses overcome these VPN-related challenges and implement all the preventive procedures previously mentioned, one of the most important and proactive things they can do is invest in effective cybersecurity solutions, a service Alter Solutions provides. The goal is to be able to block or, eventually, address cyber threats that may come your way, whether they come from public Wi-Fi networks or any other source.
What does the future hold for public Wi-Fi and businesses’ security strategies?
“The trend is, undoubtedly, for more public Wi-Fi networks to be made available to the general public”, Filipe Lopes believes. “However,” he adds, “this will force companies to** increasingly implement security solutions** (VPNs, monitoring, restricting access to information from unidentified devices, etc.) and to raise awareness of their employees to the risks of connecting to public Wi-Fi networks in order to prevent the theft of company data.”
Thiago Juliani is also optimistic when it comes to the role security solutions will play in the future. According to act digital’s Senior Security Advisor, these are some of the future trends to be expected: 5G as an alternative “It can compete with public Wi-Fi networks, offering higher speed and greater security.”
- Enhanced security
“Stronger encryption and advanced authentication is expected on public Wi-Fi networks.”
- Integration of 5G and Wi-Fi 6*
“Companies may adopt a hybrid approach, taking advantage of both 5G and Wi-Fi 6 to offer secure Internet access.”
- Security regulation
“Regulators can impose stricter security standards on public Wi-Fi networks, increasing protection.”
- Internet of Things (IoT) and Edge Computing
“The proliferation of IoT devices and Edge Computing could increase the complexity of security on public networks.”
*Wi-Fi 6 is the sixth generation of Wi-Fi, that aims to connect users to the Internet more efficiently and quickly. It reaches a maximum speed of 9.6 Gbps, while Wi-Fi 5 offers a maximum of 3.5 Gbps.
Now that you’re more familiar with the risks of using public Wi-Fi networks, future challenges and possible solutions to overcome them, you’re much more equipped to develop a strong security strategy for your business, as a way to protect your data, resources and employees. Ready to start?