When was the last time you used free Wi-Fi for work? The chances are it wasn’t that long ago, given the soaring popularity of mobile working these days. Whether you’re on a train, in an airport lounge or sipping a skinny latte at your local coffee shop, connectivity is crucial in today’s fast-paced corporate world. But while free hotspots might be ultra-convenient, they can often be more like the ‘Wild West’ when it comes to Wi-Fi.
Log in to your corporate network via one of these access points, and you could very quickly become the most unpopular person in the office if you inadvertently open the door to a cybercriminal.
The world is going mobile, and the corporate sphere is no different. A perfect storm of powerful, affordable and highly portable devices, cloud-based business tools, and a renewed focus on staff productivity has made mobile working commonplace for many UK businesses. According to analysts Frost & Sullivan, over 30% of employees in the US and Europe work outside the office most or all of the time, and in EMEA alone a quarter of staff do so, the firm claimed last year. If you need any further proof, market watcher IDC is predicting that in the US, the number of mobile workers will rise to a staggering 105 million by 2020 – that’s nearly three quarters of the global workforce.
With most of our working day spent online and in the cloud, connectivity is essential, and we need to be able to get online wherever we go. It has to be fast, easy to use and available from any device. But here’s the thing – the reality is that too often we want connectivity anytime and anywhere, and that means logging on to free Wi-Fi hotspots when out and about.
A risky business
So what exactly are the risks of using a free Wi-Fi network? One of the most common is a ‘Man in the Middle’ attack. As the name suggests, the hacker inserts him or herself into a conversation between the victim and another party, allowing him or her to intercept, send and receive data. In doing so, the hacker could grab user passwords and other credentials for sensitive accounts like your online banking or corporate log-ins.
Another type of attack with a similar goal uses “packet sniffing” technology to capture data transmitted over a shared network. In this case, an attacker reads your data over an unsecured network and can decide to modify it, without the knowledge of sender or recipient. Such an attack allows the hacker to seed false information, for example, which could be incredibly damaging to a company. Identity spoofing is yet another danger associated with public Wi-Fi networks. An attacker uses tools to craft IP packets so that they appear to come from a valid address, such as a corporate account. After gaining entry via that faked IP address, he or she can then modify, reroute or even delete data.
It’s impossible to know how many mobile workers have been caught by one of the above attacks. In fact, many may have been hacked without even knowing it. But we do know that carrying out such attacks is child’s play even for cybercriminals with only limited technical expertise. To demonstrate, security firm F-Secure teamed up with pen-testing specialists Mandalorian Security Services and the Cyber Security Research Institute last year to hack several high-profile lawmakers. In no time at all, they were able to spy on private emails and eavesdrop on VoIP calls.
Luckily, there are some easy ways to stay safe. The most obvious, of course, is to avoid sending or accessing sensitive information whilst using free Wi-Fi hotspots. That means not logging in to any corporate accounts, for starters. Next up, it’s important to use a password manager. These tools generate a new, completely random access credential each time you log in, so that even if your passwords are compromised, they won’t work again for the hacker.
Corporate network administrators would also do well to mitigate risk by rolling out strict authentication and authorisation policies to manage who gets on the internal network. Banning any access from unsanctioned IP addresses and free Wi-Fi networks would be a good start. And finally, make sure the corporate VPN is enabled. If the organisation doesn’t provide such a service, at least make sure you are encrypting your online data over the most vulnerable segment of the net — the span between your device and the internet gateway.
Free Wi-Fi networks might be fast, simple and convenient, but they could also be a one-way ticket to identity fraud and mass corporate data theft. So remember to be vigilant, and stay safe next time you log on.
By Mato Petrusic, VP APAC & EMEA, iPass