Wi-Fi hotspots pose corporate security risk

Wi-fi has exploded across Britain this year, and is set to continue growing. The capability to improve mobile working means that wireless technology is allowing networked enterprises to tap into the true potential of their employees. But mobile users accessing the internet from corporate machines in Wi-fi hotspots are often doing so with little or no security controls in place. This could lead to network infection, which can have dramatic financial and operating consequences. With the average corporate enterprise infection costing an estimated £33,000 to repair, preventing infection at Wi-fi hotspots is a critical concern for many organisations.

Following in the wake of the Wi-fi boom, the presence of wireless hotspots is becoming an accepted norm.  These hotspots are public access points to wireless services and can normally be found in busy public centres such as airports, libraries and coffee shops.  Primarily aimed at business travellers, hotspots allow users fast and easy access to the internet via mobile devices such as laptops and PDAs.

However, the use of Wi-fi for remote access from public hotspots introduces a new security question - how secure is that hotspot?  There is no doubt that it is easy to monitor traffic in a Wi-Fi zone.  And it is probably true to say that any unencrypted data passing over these hotspots can be accessed by hackers using simple sniffer tools.  This presents a real problem because, while some public wireless hotspots enforce simple password authentication, many provide no security at all. This means that data is exposed to potential malicious intent as it travels from the wireless access point to the mobile computing device over the public internet, which could in turn be transmitted back to the corporate LAN.  In this case, even though corporate machines may have firewalls installed on them, they give no protection when information is travelling through the wireless 'internet cloud'.

Organisations want to maximise employee productivity, and the ability to wirelessly connect to the corporate network is an important catalyst for achieving this goal.  But as many organisations have found out to their detriment, it only takes one unsecured entry point for a virus to infect an enterprise.  

The corporate security policy for many organisations is often nothing more than a sheet of paper outlining some security 'dos and don'ts'.  Invariably, this information ends up in the drawer of the employee's desk rather than in their head.  It is therefore unsurprising that it has become apparent that the vast majority of security breaches and network infections are caused, not by malicious hackers, but by regular employees who inadvertently compromise the network.  This is because, fundamentally, most workers do not view security to be an issue that they should have to deal with or be responsible for.  When one considers that the average hotspot user holds this view of security, the potential corporate vulnerabilities become apparent.

Companies are beginning to realise that they need a flexible way of controlling their corporate devices to prevent them from being compromised when using public access hotspots, but at the same time allows users to work freely in a secure environment.

There are now solutions on the market that can help organisations to enforce the security settings for individual users depending on their operating environment, to ensure Wi-fi usage is protected.  This means that if a hotspot does not have an infrastructure in place that satisfies corporate security policy then the user's access to the network can be limited.  This includes the ability for enterprises to prohibit access to corporate email from public hotspots.  In this way corporations can realise the promised gains in mobility, convenience and productivity promised by Wi-fi hotspots without risking attack from hackers.

Enterprising companies are discovering that endpoint security solutions are out there which not only can determine whether or not a public hotspot is secure, but also enforce company policy to prevent any security breaches taking place.  As users that are not security experts often cause security breaches, this type of solution takes the responsibility off their shoulders and does the 'security thinking' for them. Once these solutions make their way further into the market then the true business benefits of Wi-fi will become clear.

Ian Schenkel is EMEA MD of endpoint enterprise security specialist for Sygate

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.