The latest research by global travel management company Carlson Wagonlit Travel indicates that the majority of business travelers have grave reservations about the safety of their data when using public Wifi networks. Public WiFi security has long been an area that has concerned security professionals – but these concerns are now shared by those who access public WiFi hotspots in airports and other stopover points (such as coffee shops) during their global travels.
According to the research 72% of travelers in the Asia Pacific region were not confident about the safety of employer data during their trips. U.S. travelers on the other hand were the most sanguine about the safety of their data with 46% were confident that public WiFi security was adequate. European travelers were least confident with only 27% unworried about their data security when using public WiFi networks. Of the 2,000 global business travelers surveyed, 65% were less than confident about public WiFi security issues.
Top cyber security concerns
However, it was not only public WiFi security that concerned these travelers. The top three concerns were first and foremost physical theft of devices (or simply losing the devices) and secondly exposing company data to prying eyes while working on their devices. However, by far and away the greatest concern was being hacked while using public WiFi. The concerns around public WiFi were echoed in some of the other issues that were voiced by these travelers. Many were worried about cyber security while using email or even opening company documents.
It is not only the use of public WiFi that appears to be problematic. Around 37% of business travelers admitted to downloading unknown files from unrecognized users – about the same percentage who opened a phishing email. Whether this is simple ignorance or a willful refusal to adhere to company guidelines is not made clear in the report. However, the facts are that a lot more needs to be done on a number of fronts. Firstly, business needs to be doing more to educate users about the potential dangers of using public WiFi – and security professionals in organizations need to be more proactive in the firewalls that prevent behavior like this.
The issue of training and education was addressed by Andrew Jordan, executive vice-president and chief technology officer at Carlson Wagonlit Travel when he noted that, “These percentages can surely improve dramatically with better training on data safety.”
Proactive response to public WiFi security
The research did highlight the fact that a large percentage of employees were proactive in the actions they took once they became aware of a data breach. 37% claim to have shut down their devices, 25% immediately reported the breach to their company’s while 34% reached out the company IT department. Hearteningly 62% of respondents reported knowing how to report a phishing email to the company.
However, the research also revealed that less than 20% of business travelers received regular and formal communication on data security from their company. 34% indicated that the company was proactive in informing the business traveler of what constitutes risky behavior.
“These results show there is still a lot to do around educating travelers on how to look after their company’s data. For instance, connectivity in public spaces can put company data at risk. Awareness and training is the key to protecting against any possible security breaches,” adds Jordan.
The concerns of business travelers seem to echo wider security concerns surrounding the use of public WiFi. In early 2018 leading security publications revealed that a massive flaw was discovered in WPA2 the encryption standard that secures all modern WiFi networks.. This led to one security writer providing the following advice, “When considering whether to connect to the public WiFi network at your local coffee shop, the airport, etc., I have two simple words of advice—don’t and DON’T.”
Security education is key
Aside from the undoubted peace of mind that would be provided by simply not using public WiFi networks, companies need to engage with their employees and provide guidance around data security when business people are connecting to public WiFi. And this education cannot simply be limited to business travelers. It should encompass all employees who are using devices (of various types) to access company networks.
Employees need to understand that ‘man in the middle’ attacks on their internet connection are one of the most prevalent ways in which hackers gain access to either data held on a person’s device or personal data that will allow for further attacks on a company network. By using a public WiFi network, the employee is not simply talking to a hotspot – they may very well be talking to a hacker.
Among the recommendations is that employees should refrain from sending any personally identifiable information (PII). This includes banking information, social security numbers and home addresses. Also, employees should avoid sites where signup requires information such as email addresses or phone numbers. Identity theft remains one of the most pressing issues when it comes to corporate data security.
Security professionals also need to educate employees about the advisability of using virtual private networks (VPN). VPN services allow the employee to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites and amongst other things shield browsing activity from others on public WiFi. Employers need provide a way for their employees to connect to a VPN network on the go.
Business travelers can also consider using the browser extension ‘HTTPS Everywhere’, which will automatically connect to the secure option of supported websites.
Possibly one of the simplest ways that a business can avoid the risk associated with public WiFi networks is to provide their employees with an uncapped data plan. Employees almost always log on to public WiFi networks in order to reduce data charges. This does not only apply to laptops – it is also important for mobile phones. In fact, Android mobile devices were found to be the most vulnerable to the WPA2 flaw mentioned above. Investing in an unlimited data plan will eliminate the need for accessing WiFi networks.
Public WiFi networks remain risky
It is almost inevitable that employees (including those who travel often) will be tempted to use public WiFi networks. However, it is now more important than ever that employers take a proactive stance when it comes to educating employees about the risks inherent in using these networks. Where possible employees must also have the tools necessary to mitigate the risks attached to the use of free public WiFi. The organizational policy must emphasize that the security of data is the responsibility of two parties – the employer and the employee. Regular education and the right tools are only part of a concerted effort to protect company data.