UK Firms Failing on Free Wi-Fi Security
UK organizations are falling behind their global counterparts when it comes to recognizing the risk of allowing mobile workers to use free Wi-Fi networks, according to a new study from iPass.
The mobile connectivity firm interviewed 500 CIOs and IT decision makers from the US, UK, Germany and France to compile the iPass Mobile Security Report.
It found that, while 62% of global organizations now forbid their staff from using free Wi-Fi when out and about, and a further 20% plan to do so in the future, nearly half (47%) of those in the UK still allow their mobile workers to log-on via these public hubs.
In fact, in the UK, employees were seen as the biggest mobile security threat by 64% of respondents. This is in contrast to the US, where insecure hotspots (53%) are viewed as the number one threat.
On average, 94% of global respondents said they saw free Wi-Fi as a significant mobile security threat, while 92% claimed they were concerned about the security challenges posed by a growing mobile workforce.
IPass VP of engineering, Keith Waldorf, argued that organizations need to better balance the need for low cost and convenient connectivity versus security.
“Wi-Fi is a disruptive technology that has changed the way people work, but in recent times it has also introduced formidable mobile security concerns,” he added.
“Being connected is the basic requirement of every mobile worker. However, with increasing numbers of businesses falling foul to security breaches, the number of organizations expressing a concern about mobile security is high.”
The report also revealed that although many remote workers have the option of using VPNs to secure access into the corporate network, only 26% of respondents said they’re confident that mobile staff use these at all times.
The dangers of logging in to corporate networks or sensitive online services via free and/or public Wi-Fi have long been known.
In fact, last year, F-Secure demonstrated just how easy it is – hacking the personal devices and accounts of several high profile lawmakers.
Ipass VP EMEA and APAC, Mato Petrusic, explained that Man in the Middle attacks are among the most common risks associated with using free networks, allowing the hacker to grab passwords for sensitive online and corporate accounts.
“Another type of attack with a similar goal uses ‘packet sniffing’ technology to capture data transmitted over a shared network. In this case, an attacker reads your data over an unsecured network and can decide to modify it, without the knowledge of sender or recipient,” he told Infosecurity.
“Such an attack then allows the hacker to do things such as seed false information, for example, which could be incredibly damaging to a company.”
Source: Information Security Magazine