Public Wi-Fi hygiene for your employees

 

Mar 13, 2020

Whether in an airport, hotel or the coffee shop around the corner, your employees will sometimes find using public Wi-Fi unavoidable, despite the risks. Sometimes team members need to respond to an urgent request while traveling or are working remotely because of an office-closing emergency. Whatever the case, the result is that your company’s and clients’ data is likely to flow on these open networks — where malicious actors could intercept it and even use it to gain access to your systems.

The good news? Minimizing the risks is fairly easy, provided you and your employees follow a few simple rules. Think of these as rules of basic hygiene — like digital hand sanitizer for your laptop or phone.

Rule 1: Be picky about the networks you join

Not all public Wi-Fi networks are created equal; some are sloppy and some are inherently dangerous. Train employees who might work remotely not to join such networks by default.

So, what network should employees choose?

Ideally, one that’s secured, either requiring a password to join or routing users through a registration or sign-in page, with that information provided to you by an employee or by signage inside the business. Unsecured networks are open to man-in-the-middle attacks: malicious actors interposing themselves between you and the websites you visit, logging everything and passing you malware.

Most importantly, verify the name of your chosen network with an employee of the network provider. Take a look at the list of public networks available at Atlanta International Airport, for example, and you might see different options with similar names, like Atlanta Airport Public and ATL Public. One of those could easily be a rogue hotspot, set up by a malicious actor who is ready and able to exploit mistaken connections, so double check those network names.

Second, try to choose public networks offered by name-brand companies like global coffee shops or hotel chains. These organizations have reputations to protect and fairly decent network security.

Rule 2: Don’t make yourself at home on a public network

Even secure public Wi-Fi networks are inherently unsafe, so limit your time on them. After all, you have no way of knowing exactly which security precautions were taken, how frequently software is updated, and so on. You should adjust your behavior accordingly.

For example, stick to websites that encrypt the flow of data. These sites have a padlock icon in the address bar, and the URLs start with “https” instead of “http”; the “s” is for “secure.”

You should also enable Windows Firewall or an alternate security program before accessing a public network.

As much as you might want to, avoid accessing any websites or apps on a public network that require you to enter a password or that contain sensitive information. That means no banks or social networks. After all, there’s an elevated chance a malicious actor has compromised the connection, so don’t dangle the keys to your digital strongboxes on public Wi-Fi if you can possibly help it.

If you’re willing to invest, there are ways to avoid public Wi-Fi altogether when out of the office. Most mobile phones can work as mobile hotspots, using cellular data to provide a wireless internet link to another device, like a laptop. Or you can purchase a dedicated mobile hotspot device, which has the advantage of easily supporting several users at once.

Yet another solution might be subscribing to certified hotspot networks such as Boingo or Gogo (the latter is found only on airplanes); some high-end credit cards provide these subscriptions as perks.

In addition:

  • Keep your device’s Wi-Fi, Bluetooth and file-sharing capabilities off when not in use.
  • On a Mac or iOS device, disable AirDrop and turn off all sharing.
  • On a PC, turn off file and printer sharing and network discovery.
  • When Wi-Fi is on, set devices to ask before joining networks.
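
For the Windows items in this list and the firewall advice above, the following PowerShell audit is an added example, not part of the original article. It assumes Windows 10 or 11, an elevated prompt when run with -Apply, and English-language netsh output; blocking all inbound allow rules on the Public profile is this example's stricter way to turn off sharing and discovery on public networks.

```powershell
# Added example: audits the Windows settings from the list above; pass -Apply to change them.
# Assumes Windows 10/11, an elevated prompt for -Apply, and English-language netsh output.
param([switch]$Apply)

# Firewall state for networks Windows classifies as Public.
$fw = Get-NetFirewallProfile -Name Public
"Public profile: Enabled=$($fw.Enabled) DefaultInbound=$($fw.DefaultInboundAction) AllowInboundRules=$($fw.AllowInboundRules)"
if ($Apply) {
    # AllowInboundRules False ignores every inbound allow rule on Public networks,
    # which shuts out file and printer sharing and network discovery traffic there.
    Set-NetFirewallProfile -Name Public -Enabled True -DefaultInboundAction Block -AllowInboundRules False
}

# A hotspot marked Private gets the sharing and discovery rules meant for home or office.
Get-NetConnectionProfile | Where-Object NetworkCategory -eq 'Private' | ForEach-Object {
    "Network '$($_.Name)' on $($_.InterfaceAlias) is Private; confirm it is not a public hotspot"
}

# Saved open (no password) Wi-Fi profiles that reconnect without asking.
$names = netsh wlan show profiles |
    Select-String -Pattern 'All User Profile\s*:\s*(.+)$' |
    ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() }
foreach ($name in $names) {
    $detail = netsh wlan show profile name="$name" | Out-String
    $auto = $detail -match 'Connection mode\s*:\s*Connect automatically'
    $open = $detail -match 'Authentication\s*:\s*Open'
    if ($auto -and $open) {
        "Open network '$name' is set to connect automatically"
        if ($Apply) {
            netsh wlan set profileparameter name="$name" connectionmode=manual | Out-Null
        }
    }
}
```

Run it without -Apply first to see what would change; the Private-network check only reports, because a home or office network may legitimately be Private.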

Rule 3: Only charge your phone in an outlet

Do not plug your device into USB ports, which can contain dangerous malware. Criminals have been known to load malware onto public charging stations and leave infected USB chargers. Only use your own cords and plug directly into an AC outlet.

Rule 4: Make a VPN your VIP

Our last rule might be the most useful: If your company doesn’t provide a corporate virtual private network, consider installing and using a VPN service on all your devices, especially when on a public Wi-Fi network.

The additional peace of mind can be well worth the minor cost and inconvenience. These apps ensure that the only site your device directly communicates with is a single encrypted web address. From there, all your internet traffic is routed through private, robust end-to-end encryption. But be warned: A VPN is only as trustworthy as the people who run it, so this is no place to choose a free or low-end option.

But using a VPN doesn’t guarantee you’re 100% safe. There is a chance that whoever set up the network could steal the credentials you use to log into that VPN — especially if your company doesn't require multifactor authentication. If you do log in, you should change your password once you're back on a trusted network.

Play by the rules

Whichever course you choose, the first step to teaching your employees good out-of-office Wi-Fi hygiene might simply be drawing their attention to it. You might be surprised by how few people take the precautions we’ve mentioned here.

A 2017 survey of more than 15,000 consumers in 15 countries by the computer security firm Norton found that 60% of people felt their personal information was safe when using public Wi-Fi — and that number rose to nearly 70% of U.S. consumers, even though more than 40% couldn’t tell the difference between a secured and unsecured network.

Like taking candy from a stranger, public Wi-Fi is not safe. Make sure your employees know that — and know what to do if they must use it — and your hygiene efforts will be well begun. Consider creating guidelines or policies, configuring company devices to default to the safest possible settings and deploying a corporate VPN or VPN service to help keep your data — and your company — safe.

For more tips on working outside the office, visit our COVID-19 resource guide page.

Author(s)

Tom Wojcinski, CISA, CRISC
Director

COVID-19 resource center | Wipfli