Wi-Fi has enabled the mass adoption, use and innovation of smart devices. With connectivity creeping into almost every aspect of our lives, people have come to expect public Wi-Fi at nearly every place they go – as such Wi-Fi is no longer a want, but a need.
Still, very few networks are capable of protecting our data when we connect. Simply put, the networks don’t encrypt data (among other things), leaving a myriad of security risks.
As a mobile society, we are dependent on finding a network connection. While nearly all Wi-Fi users regularly connect to Wi-Fi in their homes, a vast majority of Wi-Fi users also connect to public Wi-Fi outside of their home.
According to research carried out by Xirrus, 83% connect to Wi-Fi at hotels, 72% connect at coffee shops and restaurants, 64% connect at airports, 48% connect in co-working spaces and 41% connect convention centres.
>See also: Total connection: Singapore’s public Wi-Fi
People access Wi-Fi anywhere they can, whether it’s for work or for leisure, which puts both business applications and personal applications at risk.
Everyone is always on the go, so Wi-Fi users are more than likely outside of their own “secure” environment at work or home.
This creates more opportunities for threats to succeed – in fact, the more public networks a user connects to, the more likely they are to download malware and bring the virus into a secure network (i.e. home or work).
Are we secure?
91% of Wi-Fi users do not believe public Wi-Fi is secure, yet 89% of Wi-Fi users choose to use it anyway.
This shows that, while more Wi-Fi users are aware of the risks, an increasing number of users connect anyway. Wi-Fi needs to have the security and performance to sustain the many different activities and applications employees are engaging in and with daily.
83% of Wi-Fi users are accessing their email, whether it’s for work or personal reasons and 43% are accessing work/ job specific information. 42% of Wi-Fi users are shopping and 18% are logging into banking applications on public Wi-Fi.
These two activities specifically expose more personal information to potential intruders. No matter what application users are accessing, personal and business critical data is exposed to potential threats.
Public Wi-Fi networks and ransomware
Wi-Fi users are aware of most cyber threats. But ransomware is the least known, despite its prevalence, evolution and danger. This leaves not only businesses but also individuals vulnerable to attack.
And yet, nearly 30% of respondents are unfamiliar with ransomware. Organisations and users are increasingly being targeted by ransomware and more often than not pay the ransom to regain control of their data.
Research from Symantec reveals that infection numbers jumped to 56,000 in March 2016, roughly double the normal rate, and the average ransom demanded by attackers more than doubled, as it rose to around £560.00 (from approximately $240.00) at the end of 2015. Cyber security expert and Senior Fellow at The Centre for Digital Government in the US, Morgan Wright states, “As ransomware gets more sophisticated, the number of victims and methods of attacks will only increase. Businesses not only have a corporate responsibility to educate their users of the risks associated with connecting to public Wi-Fi, but also to give them the necessary tools to avoid attack.”
Wi-Fi users blame themselves more often than not if they get hacked
Our research suggests that 85% of Wi-Fi users would blame themselves if they get hacked, while only 32% would blame the Wi-Fi vendor and 24% would blame the venue.
Most businesses do not equip their employees with the information and tools to stay vigilant and safe. Because of this, Wi-Fi users carry the burden of corporate mismanagement. 39% said their employers have offered one or two training sessions in the past year.
With the cyber security threat landscape becoming increasingly complex, employees with unsafe cybersecurity habits put both themselves and their employer at risk.
Working with Human Resources, it is up to the organisations’ CIOs, CISOs and IT leaders to put into practice regular cyber security training sessions for employees, so they are not only aware of the risks out there, but also know how to avoid them.
Yet sadly, there is a large gap between employers who encourage security when traveling, and those that do not. The majority (47%) say their employers encourage them to use a VPN when traveling for business. But over a quarter say their employers don’t recommend any security measures when travelling.
People give plenty of thought to keeping physical possessions safe when stepping out of their home. They pack away jewellery, laptops and smartphones, or keep them close by. While these physical possessions stay top of mind for people, data on the other hand, does not draw the same attention.
The Centre for Digital Government in the US provides the following tips before connecting to public Wi-Fi:
- Update your security software and operating system
- Put a PIN or passcode on all your mobile devices
- Get identity theft protection with comprehensive restoration
- Encrypt all of your data
- Carry the security of your personal network everywhere you go
Secure personal networks via a simple, one-time process that authenticates all devices, ensure the data across Wi-Fi users’ platforms is safe inside the public network at all times.
Unlike a VPN, which encrypts end-to-end connections back to a corporate network and requires additional software, a user can easily create their own secure personal network that automatically encrypts the data on the Wi-Fi network.
Regardless of concerns around public Wi-Fi and the security risk, people continue to use it. The need to connect supersedes security implications.
Additionally, employers are not stressing the importance of staying vigilant while outside of the secure corporate or home network, which is problematic.
As illustrated by this research, much remains to be done to change this mindset among Wi-Fi users and enterprises alike.