While experts have warned about the perils of connecting to unsecured public Wi-Fi hotspots in the past, new research has revealed that organisations are suffering more from security issues than in the past because of an ever-growing mobile workforce that frequently connects to Wi-Fi hotspots across the country as well as abroad.
A survey of 500 CIOs and IT decision makers at organisations in the US, the UK, Germany and France by security firm iPass has revealed that while enabling employees to work on their own devices while travelling or staying at home may have enhanced their productivity, the concept has also ensured that their organisations have to deal with more mobile security issues than in the past.
Over 80 percent of IT decision makers told iPass that they had seen Wi-Fi related security incidents in the last 12 months that occurred after employees connected their devices to unsecured public Wi-Fi hotspots. A vast majority of such incidents took place after employees connected their devices to hotspots at cafes and coffee shops, airports and hotels.
In order to enhance employee productivity, a number of organisations have implemented BYOD (Bring Your Own Device) policies to allow employees to use their own devices at work. However, while 92 percent of those interviewed by iPass said that BYOD had increased mobile security risks, 94 percent said that an increasing mobile workforce brought with it an increasing number of mobile security challenges.
This may not be surprising as the Annual Market Survey carried out by SailPoint last year had revealed that while 72 percent of organisations in the UK had adopted BYOD and SaaS applications, only 53 percent had formal policies in place to protect corporate data.
SailPoint noted that while 53 percent of organisations had BYOD policies in place, employees at around 30 percent of organisations did not follow such policies, thereby exposing sensitive corporate data to malicious outsiders.
“There is no escaping the fact that mobile security threats are rising. So while it is great that mobile workers are increasingly able to work from locations such as cafes, hotels and airports, there is no guarantee the Wi-Fi hotspot they are using is fully secure,” said Raghu Konka, vice president of engineering at iPass.
“Given the amount of high-profile security breaches in recent years, it's not surprising this issue is on the radar of CIOs. The conundrum remains: how can they keep their mobile workers secure while providing them with the flexibility to get connected anywhere using their device of choice?”
In order to reduce such security risks, 27 percent of organisations have banned the use of free Wi-Fi hotspots at all times, 40 percent of them ban them occasionally, and 16 percent are planning to ban their use in the future. As many as 46 percent of organisations are also ensuring that their employees are using VPNs to carry out online activities.
In the UK, the seriousness of organisations in preventing their employees from connecting their devices to public Wi-Fi hotspots was found lacking compared to those in the United States, Germany or France. While 42 percent of organisations in the UK have no plans to ban the use of free Wi-Fi hotspots, the share of such organisations is just 10 percent in Germany and 12 percent in France.
At the same time, organisations in the UK have also expressed the least confidence about the fact that their employees are using VPNs while accessing the Internet. Compared to 53 percent of German firms who are confident that their employees use VPNs, only 38 percent of firms in the UK share that belief.
Commenting on the survey's revelations, Ed Williams, EMEA Director of SpiderLabs at Trustwave, told SC Magazine UK that organisations are not serious at all in preventing their employees from connecting their devices to public Wi-Fi hotspots.
"Public Wi-Fi has now become the norm, people tend to work remotely or on the move; the power of smartphones and business pressures are such that people connecting to untrusted networks to get their work done is now an ‘accepted' practice without, in my opinion, proper due diligence around the risks and potential impact to the individual and organisation. When it becomes the norm, this then allows malicious actors to abuse the implicit trust around public Wi-Fi hotspots," he said.
When asked about what steps organisations should take to reduce mobile security issues, he said that the solution is multi-faceted around people, process, and technology.
"The organisation and individual users need to understand the risks and impact, this is a fundamental first step, any data traversing this untrusted network can be stolen, monitored and even altered in transit. User awareness is absolutely paramount, users need to understand the risks and can then make informed decisions," he added.
He suggests that employees should turn on Wi-Fi only when needed in order to stop automatic connections to previous Wi-Fi hotspots which could be malicious. At the same time, organisations need to create processes to ban the usage of unsecured Wi-Fi hotspots, to make the use of VPNs mandatory, and to ensure that employees visit only trusted sites that are HTTPS-enabled.
