How to keep your company data safe on public Wi-Fi
Coffee shop Wi-Fi is evil. So is every other public Wi-Fi.
That’s because open Wi-Fi has no security. Full stop, period.
We’ve all heard that we should be careful about what we do on public Wi-Fi because there could be someone reading our emails or eyeing up our bank accounts in our neighborhood coffee shop or on an airplane. Some privacy advocates warn against signing into New York City’s public Wi-Fi, too.
Protecting yourself is easy: Don’t use public Wi-Fi. But in the age of mobility and the “always online” mentality, that can seem unrealistic for some. What can your employees do to protect your organization’s data (and their own private data as well) when they’re traveling or out of the office?
Here are five reminders and best practices for working on public Wi-Fi.
1. Before you go on, think twice. Compute space lies at two points: endpoint devices and the data center. The gap between the two is where information is vulnerable, because even the smartest computers are operated by humans, and we tend to make mistakes out of convenience.
Security is inconvenient, and it’s easy to log onto the public Wi-Fi in a coffee shop, on the street, or 30,000 feet in the air. But what security do you risk because you follow the path of most convenience? Even if your endpoint device and data center are secure, the middle ground that connects the two might not be.
So before joining a public Wi-Fi network, think again. Use your network’s cellular data instead, a better option because hackers have more difficulty tracking devices, and thus snooping on your data, when you’re connected to a cellular network (plus it’s convenient and relatively inexpensive).
2. Look for the S. If you do need to do work, make sure you’re working on a secure HTTP connection — that’s any website that starts with “https.” This Secure Sockets Layer (SSL) adds encryption between the endpoint device and the data center it’s communicating with. Though it’s not unbreakable, that level of encryption is considerably more secure than a site without this protocol.
Again, risk abatement is the crucial issue and you should be careful what data you input on public Wi-Fi. If you need to connect to these networks, try to only visit sites with this layer of protection.
3. Use a VPN. Organizations may choose to deploy a virtual private network (VPN), giving employees an encrypted, safer connection on Wi-Fi. SSL security is actually one type of VPN. But another example of a private network is an IPSec VPN, an application with a level of security that’s capable of encrypting flows of data. Plus, this security layer can enforce other rules and policies, further protecting an employee’s data from leaving the network. IPSec VPNs can limit split tunneling, ensure security programs are updated and turned on, and activate other endpoint protection controls like firewalls.
A mobile device management system can help by encrypting the data on a device and wiping it remotely, and by enforcing complex pin numbers and passwords. But generally, MDM falls short on this central issue because mobile devices are built to connect to Wi-Fi, and an MDM solution is unlikely to disable a phone or tablet’s Wi-Fi capabilities.
4. Don’t rule out multifactor authentication. Multifactor authentication on the application level can beef up security and better protect data. It has three main components: a username (who you are), a password (what you know), and a fingerprint or random number generator (what you have). Many applications will demand multifactor authentication so it is harder for outsiders to access the data locked behind these programs, adding another layer of defense.
Three factors of authentication make it harder for outsiders to snoop on emails and private data, reducing your employees’ risk profile.
5. Persistent training is key. Really, the way IT can help employees protect their data is through better training and education. Training sessions and constant reminders will drive home the point that logging onto public Wi-Fi poses a risk and could damage the organization’s reputation and IP. The key here is showing your employees that a little bit of inconvenience through layers of SSL or VPNs, or waiting to check email, is the best form of data protection. Though it is more of a hassle, avoiding these public Wi-Fi spots will better protect your organization.
Risk is everywhere, so avoid this one easily
We’re drawn to public Wi-Fi because it’s convenient and free – what can be better? But plenty has been written about the hacks and snooping that come from users logging onto public Wi-Fi connections and not protecting themselves.
We live in an IT world where defense is critical but often ignored. So it’s crucial that your employees be careful what Wi-Fi they connect to. If they can’t log onto a trusted network, they should use cellular data or at least a VPN.
Public Wi-Fi puts your information at risk. IT administrators can help users better understand those risks by providing consistent training and reminders, and giving them ways to protect themselves and your organization’s data.
How do you educate employees about public Wi-Fi? Leave a comment below.