Public Wi-Fi networks are often seen in a really positive light – they’re convenient, they provide free access to the Internet, and they help people save on their mobile data usage. Many public places offer free Wi-Fi, including hotels, coffee shops, airports, and libraries, meaning there are plenty of opportunities for your staff to stay connected while on the go.
But if your staff are using them without caution, they can pose a major security risk to your organisation, and here’s why:
Things aren’t always what they say they are
If you’ve ever set up your own Wi-Fi network, you’ll know that you can name it just about whatever you like. Some people choose to be clever, others will name it after their business or venue, and then there are those who are being deceptive.
Just because you’re sitting in ‘Café Calvertico’ and you find free Wi-Fi showing as ‘Café Calvertico’, this doesn’t necessarily mean that it’s actually the free Wi-Fi from the café – it could be anyone’s!
They can see what you can see
If you are connected to a public Wi-Fi network and it’s not secure, hackers may be able to see what you’re looking at from your laptop, tablet, or smartphone. This could be your general Internet browsing, private messages, emails, or worse – your Internet banking, login credentials and passwords, or sensitive customer data.
Man-in-the-middle attacks & device hijacking
Device hijacking can occur on public Wi-Fi networks through a technique referred to as a “man-in-the-middle” (MITM) attack. In this scenario, a hacker will intercept the communication between your device and the site/service you are accessing, allowing them to read, modify, or even block the data being transmitted.
Device hijacking can also occur if your device’s network settings are not secure, allowing a would-be hacker access to your device. Once your device has been hijacked, your personal information could be stolen, or your device could be used to launch attacks on other devices or networks.
Fake websites
Hackers can use public Wi-Fi networks to create fake websites that look like legitimate ones to trick users into providing sensitive information. This could be your login credentials, credit card information, or other personal data. This technique is referred to as “phishing”.
Recently there has been a spate of this activity for popular retail brands in Australia, including Decjuba.
Malware risks
Public Wi-Fi networks can also be a hotbed for ‘malware’ – this is short for malicious software. Malware is software designed to harm your device, steal your personal information, or perform other malicious activities.
Malware can be downloaded onto your device – often without your knowledge – through infected files or software that is downloaded while connected to a public Wi-Fi network.
All device users must be vigilant when downloading files or software, and should avoid clicking on links or opening attachments in email messages from unknown sources.
How can we protect our staff and our business?
The best way to protect your staff – and thereby your organisation – is to:
- Educate staff – Our defence is only as strong as our weakest link. By informing your team of risks such as these we put ourselves in a stronger position.
- Up-to-date software – Ensure any devices used by your staff are up to date with the latest software and security patches. This is particularly important for those organisations that allow BYOD (bring your own device), where staff can bring their own personal devices to the workplace and connect them to the company network.
- Suggest using a VPN (virtual private network) – VPNs can help to protect your data from being intercepted, and can also make it more difficult for hackers to hijack your device.
And the next time your staff are considering logging into free public Wi-Fi, remind them of this quote from Dean himself: “Nothing is free, only love”.
Need help?
We specialise in cyber security audits and cyber security awareness training to ensure that your organisation is protected. If you’d like to know more, please get in touch via our Contact page.