Employees are used to being connected 24/7. When a data signal is low, or a device is not connected to a data plan, most people don’t hesitate to scan for open WiFi networks, connecting to public or even unsecured private networks. Stop in any major coffee shop and you’re likely to find someone with a tablet or laptop open, working remotely, likely from a public WiFi connection. Go to any airport or hotel and you’ll see even more people using public WiFi. Remote work offers great productivity advantages, but that public WiFi is putting corporate data at risk.
To see how insecure public WiFi is, take this example of a social experiment. A hacker goes into a cafe and, in 20 minutes, knows where everyone was born, what schools they attended and the last few things they Googled. He knows their passwords and could easily steal their identity. The data on their devices? Completely exposed. All thanks to a discreet device that was able to mask itself as a trusted WiFi network to all the smartphones, laptops and tablets in the cafe. The same data could be exposed by anyone using simple freeware.
Although this instance focused on the impact to the individual, let’s look at how that creates corporate risk. Corporate data stored on that device would be breached. If the device is connected to the corporate network, that access could be exploited. Shared passwords would be exposed, giving hackers future access to the corporate network. Data on the device could be successfully exploited for phishing schemes aimed at the many corporate contacts stored on that device. All from using public WiFi.
Our own survey results show that at least 27% of Millennial employees (age 18-34), who are beginning to make up the bulk of the workforce, are most likely to be cavalier in device use, doing things like accessing personal email on corporate devices or using public WiFi. Yes, some public WiFi networks are better than others, but none are infallible.
Organizations can also take steps to protect corporate data on the endpoint with:
- Formal Employee Policies – education and training can prevent some breaches or help organizations address potential breach situations more quickly. IT infrastructure can ensure employees stay on the straight and narrow. BYOD and general use policies will provide staff with clear expectations and steps to follow when it comes to using devices that access the corporate network or what to do if a device is at risk, including freezing a device or wiping it clean. The use of a Device Freeze Policy in Absolute DDS can help IT monitor for suspicious activity and help avoid potential breach situations.
- Data Encryption – this is your “front line” of defense, but you must be able to prove encryption was in place and working in order to satisfy compliance auditors. Encryption is not infallible, so this next point is important:
- A Layered Approach to Data Security – on networks, endpoints and corporate data. The more layers of defense you have, the better. To avoid the risks of WiFi, such layers would include the use of virtual private network (VPN) technology to create a secured connection on WiFi, anti-malware software, and the use of technology and Absolute DDS to automatically alert on suspicious behavior and remotely freeze devices or wipe data.
With the proper training and IT support, backed with Persistence technology, organizations can make strides to offset the kinds of employee behaviour that put corporate data at risk.