Public wireless networks (public wifi, public wi-fi networks) and Wi-Fi hotspots provide unparalleled convenience to mobile and remote users who need internet access while away from their home or business network. However, these networks are frequently unsecured, which leaves users who connect their devices to them in danger of their data being stolen and various other forms of cyber crime.
I wish I could say differently, but the truth is that the majority of mobile and tablet users either ignore or are unaware of the cybersecurity dangers they face each time they connect to public Wi-Fi. According to Kaspersky Lab, “70% of tablet owners and 53% of smartphone/mobile phone owners stated that they use public Wi-Fi hotspots.”
Although private wifi networks also can be vulnerable, when you or your employees connect to the internet via a public Wi-Fi network to access your business’ files and applications, it opens your network to a significantly higher risk of attack.
But, why are these networks so vulnerable and dangerous to the safety of your organization and data? Read more to learn about the dangers of using public Wi-Fi networks and why you should avoid using them.
The Dangers of Connecting to a Public Wi-Fi Network
1. Most Public Wi-Fi Networks are Unsecured
Even if a public Wi-Fi network requires a password, that doesn’t automatically mean that it's secure or even that your information is encrypted.
According to the Federal Trade Commission (FTC), “Most Wi-Fi hotspots don’t encrypt the information you send over the internet and aren’t secure. If a network doesn’t require a WPA or WPA2 password, it’s probably not secure.” However, last year, a devastating flaw (dubbed KRACK, short for “Key Reinstallation AttaCK”) was discovered in the Wi-Fi Protected Access (WPA) security protocol itself that left the passwords, credit card information, files, and other data being transmitted via the encrypted Wi-Fi networks vulnerable. It does this by manipulating the multi-step handshake protections, tricking it into breaking the encryption to provide the malicious user access to the data being transmitted.
This year, the Wi-Fi Alliance released a new Wi-Fi security protocol called WPA3, which aims to be more resilient, bringing new enhancements while also addressing some of the weaknesses of its previous incarnation.
Many tech companies and manufacturers began rolling out patches and updates to address the KRACK vulnerability that was discovered in Fall 2017.
2. Rogue Networks Enable Man-in-the-Middle Attacks
A risk that many people may not realize is that there are rogue public Wi-Fi networks that are used by hackers to facilitate man-in-the-middle (MitM) attacks. These attacks are used to infiltrate, eavesdrop or even alter the communications between two or more parties to gain access to their sensitive information.
Malicious users seek these types of opportunities on public Wi-Fi networks to hijack data that is sent over unsecured wireless networks using man-in-the-middle attacks and commit other cyber crime — with devastating results.
According to the 2018 Cost of a Data Breach Study: Global Overview that is sponsored by IBM and conducted by the Ponemon Institute, the average cost of a data breach is $3.86 million with an average cost of $148 per stolen record.
3. Even Using SSL on Wi-Fi is Not as Secure as What You May Think
When browsing the internet, it’s always a good rule of thumb to use secure socket layer (SSL), a form of encryption that helps to protect the exchange of sensitive data between a user and a website. This is particularly the case when operating on a public Wi-Fi network. An example of this is when users access websites using the “HTTPS” prefix rather than “HTTP.” Historically, this is viewed as adding an additional layer of security to your connection.
However, HTTPS-protected web pages aren’t invulnerable to attack, either. Malicious users can use tools like the SSLstrip script to force improperly configured websites to downgrade their connections from HTTPS to HTTP, which causes them to transmit unencrypted data that they can intercept.
All of these things means that whenever you or your employees connect to a public wi-fi network, it’s important to assume that it is unsecured and to act accordingly. One of the ways that companies try to mitigate this is to avoid using public wifi whenever possible. However, in the cases when they do need to connect to it, they should do so while using a virtual private network (VPN). As a note: Don’t just use any free VPN — be sure that your employees connect using a reputable VPN service provider.
Ultimately, public Wi-Fi networks are a dangerous place for even experienced and informed computer users to be. However, it’s even more so a danger for employees who lack an understanding of good cybersecurity hygiene and computer cybersecurity best practices. The security of your network, at its most basic level, depends on the behaviors and practices of your employees and other network users. This is why so many companies these days are investing in cybersecurity user awareness training.
To learn more about how cybersecurity threats and best practices can affect your bottom line, be sure to check out our new complimentary resource by clicking on the link below.
Do you and your employees use public Wi-Fi networks when away from the office? What are you doing to protect your devices, network, and data? Be sure to share your thoughts in the comments section below, or send me an email to continue the discussion with me directly.